Infected by S.M.A.R.T hdd virus


  • This topic is locked
16 replies to this topic

#1 fmckinley

fmckinley

  • Members
  • 10 posts

Posted 21 June 2012 - 03:08 PM

Hello, I could use some help and want to thank you in advance for your expertise and assistance.

Recently my computer was infected by the S.M.A.R.T hdd virus. Following guidance from several sources, I was able to rid the computer of the virus (or maybe most of it) and recover all files, shortcuts, etc. One problem seems to remain and I can't seem to fix it.

I began receiving the following message from Malwarebytes: "Malwarebytes Anti-Malware blocked a potential malicious website: 206.161.121.3 Type outgoing port 49369, process explorer.exe."

I have downloaded and run the following programs: Rkill, GMER and Defogger. I downloaded DDS, but it will not complete. I've let it run 6 times at over 2 hours at a time, and it hangs. I've tried to run DDS in both safe mode and regular. No luck. In addition, I've tried to run TDSSKiller, but it also will not run.

I've also noticed since the S.M.A.R.T hdd virus, that I get a lot of unwanted Google redirects. Thank you for your help.
Attached File  rkill.log   370bytes   0 downloads
Attached File  gmer.log   3.36KB   1 downloads



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts

Posted 21 June 2012 - 03:13 PM

Hello fmckinley,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fmckinley

fmckinley
  • Topic Starter

  • Members
  • 10 posts

Posted 21 June 2012 - 04:41 PM

Thanks for your quick reply.

Step 1: TDSS Rootkit Remover was successfully run. The log is attached.

Step 2: After 45 minutes, this error appeared while running ComboFix: "Freeware implentation of XCACLS has stopped working". I've left ComboFix alone until I hear from you.

13:37:28.0837 1992 MRxDAV - ok
13:37:28.0853 1992 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:37:28.0868 1992 mrxsmb - ok
13:37:28.0900 1992 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:37:28.0900 1992 mrxsmb10 - ok
13:37:28.0915 1992 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:37:28.0915 1992 mrxsmb20 - ok
13:37:28.0931 1992 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
13:37:28.0946 1992 msahci - ok
13:37:28.0946 1992 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:37:28.0946 1992 msdsm - ok
13:37:28.0978 1992 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:37:28.0978 1992 MSDTC - ok
13:37:29.0009 1992 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:37:29.0009 1992 Msfs - ok
13:37:29.0024 1992 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:37:29.0024 1992 msisadrv - ok
13:37:29.0056 1992 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:37:29.0056 1992 MSiSCSI - ok
13:37:29.0056 1992 MSIServer - ok
13:37:29.0071 1992 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:37:29.0071 1992 MSKSSRV - ok
13:37:29.0071 1992 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:37:29.0071 1992 MSPCLOCK - ok
13:37:29.0087 1992 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:37:29.0087 1992 MSPQM - ok
13:37:29.0118 1992 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:37:29.0118 1992 MsRPC - ok
13:37:29.0134 1992 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:37:29.0134 1992 mssmbios - ok
13:37:29.0149 1992 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:37:29.0149 1992 MSTEE - ok
13:37:29.0165 1992 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:37:29.0165 1992 Mup - ok
13:37:29.0196 1992 MusCAudio (fa11bef5d56168a3f4017ad41b74602e) C:\Windows\system32\drivers\MusCAudio.sys
13:37:29.0196 1992 MusCAudio - ok
13:37:29.0227 1992 MusCVideo (2b5b846841eee00395d97b78d987c976) C:\Windows\system32\DRIVERS\MusCVideo.sys
13:37:29.0227 1992 MusCVideo - ok
13:37:29.0258 1992 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:37:29.0274 1992 napagent - ok
13:37:29.0305 1992 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:37:29.0305 1992 NativeWifiP - ok
13:37:29.0352 1992 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:37:29.0368 1992 NDIS - ok
13:37:29.0383 1992 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:37:29.0383 1992 NdisTapi - ok
13:37:29.0399 1992 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:37:29.0399 1992 Ndisuio - ok
13:37:29.0414 1992 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:37:29.0414 1992 NdisWan - ok
13:37:29.0446 1992 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:37:29.0446 1992 NDProxy - ok
13:37:29.0477 1992 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:37:29.0477 1992 NetBIOS - ok
13:37:29.0524 1992 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:37:29.0524 1992 netbt - ok
13:37:29.0539 1992 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:29.0539 1992 Netlogon - ok
13:37:29.0570 1992 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:37:29.0570 1992 Netman - ok
13:37:29.0648 1992 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:29.0648 1992 NetMsmqActivator - ok
13:37:29.0664 1992 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:29.0664 1992 NetPipeActivator - ok
13:37:29.0680 1992 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:37:29.0680 1992 netprofm - ok
13:37:29.0695 1992 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:29.0695 1992 NetTcpActivator - ok
13:37:29.0695 1992 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:29.0695 1992 NetTcpPortSharing - ok
13:37:29.0726 1992 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:37:29.0726 1992 nfrd960 - ok
13:37:29.0758 1992 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:37:29.0758 1992 NlaSvc - ok
13:37:29.0758 1992 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:37:29.0758 1992 Npfs - ok
13:37:29.0773 1992 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:37:29.0773 1992 nsi - ok
13:37:29.0804 1992 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:37:29.0804 1992 nsiproxy - ok
13:37:29.0867 1992 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:37:29.0882 1992 Ntfs - ok
13:37:29.0898 1992 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:37:29.0898 1992 ntrigdigi - ok
13:37:29.0914 1992 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:37:29.0914 1992 Null - ok
13:37:29.0945 1992 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:37:29.0945 1992 nvraid - ok
13:37:29.0960 1992 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:37:29.0960 1992 nvstor - ok
13:37:29.0976 1992 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
13:37:29.0976 1992 nv_agp - ok
13:37:29.0976 1992 NwlnkFlt - ok
13:37:29.0976 1992 NwlnkFwd - ok
13:37:30.0070 1992 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:37:30.0085 1992 odserv - ok
13:37:30.0101 1992 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
13:37:30.0101 1992 ohci1394 - ok
13:37:30.0132 1992 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:37:30.0132 1992 ose - ok
13:37:30.0179 1992 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:30.0194 1992 p2pimsvc - ok
13:37:30.0194 1992 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:30.0194 1992 p2psvc - ok
13:37:30.0210 1992 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:37:30.0210 1992 Parport - ok
13:37:30.0241 1992 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:37:30.0241 1992 partmgr - ok
13:37:30.0257 1992 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:37:30.0257 1992 Parvdm - ok
13:37:30.0288 1992 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:37:30.0288 1992 PcaSvc - ok
13:37:30.0319 1992 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
13:37:30.0319 1992 pccsmcfd - ok
13:37:30.0350 1992 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:37:30.0350 1992 pci - ok
13:37:30.0382 1992 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:37:30.0382 1992 pciide - ok
13:37:30.0397 1992 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:37:30.0397 1992 pcmcia - ok
13:37:30.0444 1992 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:37:30.0460 1992 PEAUTH - ok
13:37:30.0569 1992 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:37:30.0584 1992 pla - ok
13:37:30.0694 1992 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:37:30.0694 1992 PlugPlay - ok
13:37:30.0740 1992 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys
13:37:30.0740 1992 pmxmouse - ok
13:37:30.0756 1992 pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
13:37:30.0756 1992 pmxusblf - ok
13:37:30.0803 1992 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:30.0803 1992 PNRPAutoReg - ok
13:37:30.0818 1992 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:30.0818 1992 PNRPsvc - ok
13:37:30.0850 1992 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:37:30.0865 1992 PolicyAgent - ok
13:37:30.0896 1992 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:37:30.0896 1992 PptpMiniport - ok
13:37:30.0928 1992 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:37:30.0928 1992 Processor - ok
13:37:30.0959 1992 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:37:30.0959 1992 ProfSvc - ok
13:37:30.0974 1992 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:30.0974 1992 ProtectedStorage - ok
13:37:31.0006 1992 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:37:31.0006 1992 PSched - ok
13:37:31.0037 1992 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
13:37:31.0037 1992 PxHelp20 - ok
13:37:31.0084 1992 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:37:31.0099 1992 ql2300 - ok
13:37:31.0115 1992 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:37:31.0115 1992 ql40xx - ok
13:37:31.0162 1992 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:37:31.0162 1992 QWAVE - ok
13:37:31.0193 1992 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:37:31.0193 1992 QWAVEdrv - ok
13:37:31.0286 1992 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
13:37:31.0318 1992 R300 - ok
13:37:31.0380 1992 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
13:37:31.0396 1992 RapiMgr - ok
13:37:31.0474 1992 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:37:31.0489 1992 RasAcd - ok
13:37:31.0520 1992 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:37:31.0520 1992 RasAuto - ok
13:37:31.0552 1992 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:37:31.0552 1992 Rasl2tp - ok
13:37:31.0583 1992 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:37:31.0598 1992 RasMan - ok
13:37:31.0645 1992 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:37:31.0645 1992 RasPppoe - ok
13:37:31.0676 1992 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:37:31.0676 1992 RasSstp - ok
13:37:31.0708 1992 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:37:31.0708 1992 rdbss - ok
13:37:31.0723 1992 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:37:31.0723 1992 RDPCDD - ok
13:37:31.0754 1992 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
13:37:31.0754 1992 rdpdr - ok
13:37:31.0770 1992 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:37:31.0770 1992 RDPENCDD - ok
13:37:31.0801 1992 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
13:37:31.0801 1992 RDPWD - ok
13:37:31.0832 1992 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:37:31.0832 1992 RemoteAccess - ok
13:37:31.0864 1992 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:37:31.0864 1992 RemoteRegistry - ok
13:37:31.0895 1992 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
13:37:31.0895 1992 RFCOMM - ok
13:37:31.0910 1992 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
13:37:31.0910 1992 ROOTMODEM - ok
13:37:32.0035 1992 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
13:37:32.0051 1992 RoxMediaDB9 - ok
13:37:32.0082 1992 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
13:37:32.0082 1992 RoxWatch9 - ok
13:37:32.0098 1992 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:37:32.0098 1992 RpcLocator - ok
13:37:32.0144 1992 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:37:32.0144 1992 RpcSs - ok
13:37:32.0191 1992 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:37:32.0207 1992 rspndr - ok
13:37:32.0222 1992 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:32.0222 1992 SamSs - ok
13:37:32.0269 1992 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:37:32.0269 1992 sbp2port - ok
13:37:32.0300 1992 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:37:32.0316 1992 SCardSvr - ok
13:37:32.0363 1992 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:37:32.0363 1992 Schedule - ok
13:37:32.0394 1992 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:37:32.0394 1992 SCPolicySvc - ok
13:37:32.0425 1992 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:37:32.0425 1992 SDRSVC - ok
13:37:32.0519 1992 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:37:32.0519 1992 SeaPort - ok
13:37:32.0550 1992 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:37:32.0550 1992 secdrv - ok
13:37:32.0566 1992 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:37:32.0581 1992 seclogon - ok
13:37:32.0581 1992 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:37:32.0581 1992 SENS - ok
13:37:32.0612 1992 Ser2pl (5d4532cce228a822d19e295dde678721) C:\Windows\system32\DRIVERS\ser2pl.sys
13:37:32.0612 1992 Ser2pl - ok
13:37:32.0612 1992 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
13:37:32.0628 1992 Serenum - ok
13:37:32.0644 1992 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:37:32.0644 1992 Serial - ok
13:37:32.0675 1992 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:37:32.0675 1992 sermouse - ok
13:37:32.0737 1992 ServiceLayer (58d5bfdf3adf49fe9cabd78cc61d92f6) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:37:32.0737 1992 ServiceLayer - ok
13:37:32.0784 1992 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:37:32.0784 1992 SessionEnv - ok
13:37:32.0800 1992 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
13:37:32.0800 1992 sffdisk - ok
13:37:32.0815 1992 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
13:37:32.0815 1992 sffp_mmc - ok
13:37:32.0815 1992 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
13:37:32.0815 1992 sffp_sd - ok
13:37:32.0815 1992 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:37:32.0815 1992 sfloppy - ok
13:37:32.0862 1992 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:37:32.0862 1992 SharedAccess - ok
13:37:32.0909 1992 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:37:32.0924 1992 ShellHWDetection - ok
13:37:32.0940 1992 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
13:37:32.0940 1992 sisagp - ok
13:37:32.0956 1992 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:37:32.0956 1992 SiSRaid2 - ok
13:37:32.0971 1992 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:37:32.0971 1992 SiSRaid4 - ok
13:37:33.0112 1992 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:37:33.0143 1992 slsvc - ok
13:37:33.0252 1992 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:37:33.0252 1992 SLUINotify - ok
13:37:33.0299 1992 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:37:33.0299 1992 Smb - ok
13:37:33.0314 1992 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:37:33.0330 1992 SNMPTRAP - ok
13:37:33.0346 1992 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:37:33.0346 1992 spldr - ok
13:37:33.0377 1992 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:37:33.0377 1992 Spooler - ok
13:37:33.0424 1992 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:37:33.0424 1992 srv - ok
13:37:33.0455 1992 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:37:33.0455 1992 srv2 - ok
13:37:33.0486 1992 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:37:33.0486 1992 srvnet - ok
13:37:33.0517 1992 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
13:37:33.0517 1992 sscdbus - ok
13:37:33.0548 1992 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
13:37:33.0548 1992 sscdmdfl - ok
13:37:33.0580 1992 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
13:37:33.0580 1992 sscdmdm - ok
13:37:33.0611 1992 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:37:33.0611 1992 SSDPSRV - ok
13:37:33.0626 1992 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:37:33.0626 1992 SstpSvc - ok
13:37:33.0673 1992 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:37:33.0673 1992 stisvc - ok
13:37:33.0751 1992 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:37:33.0751 1992 stllssvr - ok
13:37:33.0782 1992 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:37:33.0782 1992 swenum - ok
13:37:33.0829 1992 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:37:33.0829 1992 swprv - ok
13:37:33.0845 1992 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:37:33.0845 1992 Symc8xx - ok
13:37:33.0860 1992 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:37:33.0860 1992 Sym_hi - ok
13:37:33.0876 1992 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:37:33.0876 1992 Sym_u3 - ok
13:37:33.0923 1992 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:37:33.0923 1992 SysMain - ok
13:37:33.0938 1992 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:37:33.0938 1992 TabletInputService - ok
13:37:33.0985 1992 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:37:33.0985 1992 TapiSrv - ok
13:37:34.0016 1992 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:37:34.0016 1992 TBS - ok
13:37:34.0079 1992 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
13:37:34.0079 1992 Tcpip - ok
13:37:34.0110 1992 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
13:37:34.0126 1992 Tcpip6 - ok
13:37:34.0141 1992 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:37:34.0141 1992 tcpipreg - ok
13:37:34.0172 1992 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:37:34.0172 1992 TDPIPE - ok
13:37:34.0188 1992 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:37:34.0188 1992 TDTCP - ok
13:37:34.0235 1992 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:37:34.0235 1992 tdx - ok
13:37:34.0235 1992 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:37:34.0235 1992 TermDD - ok
13:37:34.0266 1992 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:37:34.0282 1992 TermService - ok
13:37:34.0313 1992 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:37:34.0313 1992 Themes - ok
13:37:34.0328 1992 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:37:34.0328 1992 THREADORDER - ok
13:37:34.0344 1992 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:37:34.0344 1992 TrkWks - ok
13:37:34.0375 1992 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:37:34.0375 1992 TrustedInstaller - ok
13:37:34.0391 1992 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:37:34.0391 1992 tssecsrv - ok
13:37:34.0406 1992 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:37:34.0406 1992 tunmp - ok
13:37:34.0438 1992 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:37:34.0438 1992 tunnel - ok
13:37:34.0469 1992 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:37:34.0469 1992 uagp35 - ok
13:37:34.0500 1992 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:37:34.0500 1992 udfs - ok
13:37:34.0547 1992 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:37:34.0547 1992 UI0Detect - ok
13:37:34.0562 1992 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
13:37:34.0562 1992 uliagpkx - ok
13:37:34.0594 1992 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:37:34.0594 1992 uliahci - ok
13:37:34.0609 1992 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:37:34.0609 1992 UlSata - ok
13:37:34.0625 1992 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:37:34.0625 1992 ulsata2 - ok
13:37:34.0656 1992 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:37:34.0656 1992 umbus - ok
13:37:34.0687 1992 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:37:34.0703 1992 upnphost - ok
13:37:34.0734 1992 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
13:37:34.0734 1992 USBAAPL - ok
13:37:34.0765 1992 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:37:34.0765 1992 usbccgp - ok
13:37:34.0781 1992 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:37:34.0781 1992 usbcir - ok
13:37:34.0812 1992 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:37:34.0812 1992 usbehci - ok
13:37:34.0843 1992 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:37:34.0843 1992 usbhub - ok
13:37:34.0859 1992 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:37:34.0859 1992 usbohci - ok
13:37:34.0890 1992 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:37:34.0890 1992 usbprint - ok
13:37:34.0906 1992 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:37:34.0906 1992 USBSTOR - ok
13:37:34.0937 1992 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:37:34.0937 1992 usbuhci - ok
13:37:34.0937 1992 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:37:34.0952 1992 UxSms - ok
13:37:34.0952 1992 VComm - ok
13:37:34.0952 1992 VcommMgr - ok
13:37:34.0999 1992 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:37:35.0015 1992 vds - ok
13:37:35.0015 1992 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:37:35.0015 1992 vga - ok
13:37:35.0030 1992 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:37:35.0030 1992 VgaSave - ok
13:37:35.0046 1992 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
13:37:35.0046 1992 viaagp - ok
13:37:35.0062 1992 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:37:35.0062 1992 ViaC7 - ok
13:37:35.0077 1992 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
13:37:35.0077 1992 viaide - ok
13:37:35.0108 1992 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:37:35.0108 1992 volmgr - ok
13:37:35.0155 1992 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:37:35.0155 1992 volmgrx - ok
13:37:35.0202 1992 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:37:35.0202 1992 volsnap - ok
13:37:35.0218 1992 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:37:35.0218 1992 vsmraid - ok
13:37:35.0264 1992 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:37:35.0280 1992 VSS - ok
13:37:35.0327 1992 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:37:35.0327 1992 W32Time - ok
13:37:35.0374 1992 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:37:35.0374 1992 WacomPen - ok
13:37:35.0405 1992 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:35.0405 1992 Wanarp - ok
13:37:35.0405 1992 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:35.0405 1992 Wanarpv6 - ok
13:37:35.0452 1992 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
13:37:35.0452 1992 WcesComm - ok
13:37:35.0514 1992 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:37:35.0514 1992 wcncsvc - ok
13:37:35.0545 1992 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:37:35.0545 1992 WcsPlugInService - ok
13:37:35.0561 1992 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:37:35.0561 1992 Wd - ok
13:37:35.0608 1992 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:37:35.0608 1992 Wdf01000 - ok
13:37:35.0639 1992 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:37:35.0639 1992 WdiServiceHost - ok
13:37:35.0639 1992 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:37:35.0639 1992 WdiSystemHost - ok
13:37:35.0654 1992 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:37:35.0670 1992 WebClient - ok
13:37:35.0701 1992 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:37:35.0701 1992 Wecsvc - ok
13:37:35.0748 1992 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:37:35.0748 1992 wercplsupport - ok
13:37:35.0764 1992 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:37:35.0779 1992 WerSvc - ok
13:37:35.0826 1992 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:37:35.0826 1992 winachsf - ok
13:37:35.0920 1992 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:37:37.0136 1992 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:37:37.0168 1992 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
13:37:37.0168 1992 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
13:37:37.0183 1992 MBR (0x1B8) (4c174fe99672b3a91fda305d2eb1efed) \Device\Harddisk1\DR6
13:37:46.0309 1992 \Device\Harddisk1\DR6 - ok
13:37:46.0325 1992 Boot (0x1200) (184d331baeb08cbb8da800244615315a) \Device\Harddisk0\DR0\Partition0
13:37:46.0340 1992 \Device\Harddisk0\DR0\Partition0 - ok
13:37:46.0356 1992 Boot (0x1200) (fa0ca5f9f1acd6e34585250938b6b438) \Device\Harddisk0\DR0\Partition1
13:37:46.0356 1992 \Device\Harddisk0\DR0\Partition1 - ok
13:37:46.0356 1992 Boot (0x1200) (48a5eaf5e4856a081ce7bde153a21005) \Device\Harddisk1\DR6\Partition0
13:37:46.0356 1992 \Device\Harddisk1\DR6\Partition0 - ok
13:37:46.0356 1992 ============================================================
13:37:46.0356 1992 Scan finished
13:37:46.0356 1992 ============================================================
13:37:46.0387 1376 Detected object count: 1
13:37:46.0387 1376 Actual detected object count: 1
13:39:11.0750 1376 \Device\Harddisk0\DR0\# - copied to quarantine
13:39:11.0750 1376 \Device\Harddisk0\DR0 - copied to quarantine
13:39:11.0797 1376 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
13:39:11.0797 1376 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
13:39:11.0797 1376 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
13:39:11.0797 1376 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
13:39:11.0813 1376 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
13:39:11.0813 1376 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
13:39:11.0813 1376 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
13:39:11.0828 1376 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
13:39:11.0828 1376 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
13:39:11.0860 1376 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:39:11.0860 1376 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:39:11.0860 1376 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:39:11.0875 1376 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:39:11.0875 1376 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
13:39:11.0891 1376 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
13:39:11.0891 1376 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
13:39:11.0906 1376 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
13:39:11.0938 1376 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
13:39:11.0938 1376 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
13:39:11.0938 1376 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
13:39:11.0938 1376 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
13:39:12.0172 1376 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
13:39:12.0172 1376 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
13:39:12.0187 1376 \Device\Harddisk0\DR0 - ok
13:39:12.0530 1376 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
13:39:17.0273 2040 Deinitialize success
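
Added example, not part of the original thread and not TDSSKiller's own code: a small Python triage script that skips the "ok" lines in a log like the one above and reports only the detections, the action chosen, and whether a reboot is still pending. The line patterns are inferred from the lines in this post (an assumption, not a documented format), the function name `triage` is hypothetical, and the sample lines are copied from the log above.

```python
import re

# Sample input: lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
13:37:37.0105 1992 XAudioService - ok
13:37:37.0136 1992 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:37:37.0168 1992 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
13:37:37.0168 1992 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
13:37:37.0183 1992 MBR (0x1B8) (4c174fe99672b3a91fda305d2eb1efed) \Device\Harddisk1\DR6
13:37:46.0309 1992 \Device\Harddisk1\DR6 - ok
13:37:46.0387 1376 Detected object count: 1
13:39:11.0750 1376 \Device\Harddisk0\DR0 - copied to quarantine
13:39:11.0797 1376 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
13:39:12.0172 1376 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
13:39:12.0530 1376 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""

# Patterns inferred from the log in this thread (assumption, not a spec).
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")        # time, thread id, message
VERDICT = re.compile(r"^(?P<obj>.+?)\s+\(\s*(?P<threat>[^()]+?)\s*\)\s+-\s+(?P<status>.+)$")
QUARANTINE = re.compile(r"^(?P<obj>.+?)\s+-\s+copied to quarantine$")
COUNT = re.compile(r"^Detected object count:\s+(\d+)$")
RAW_DISK = re.compile(r"\\Device\\Harddisk\d+\\DR\d+")                   # whole-disk object, no file path


def triage(log_text):
    """Return the detections in a TDSSKiller-style log, ignoring clean objects."""
    detections = {}   # object -> {"threat": str, "events": [(time, status), ...]}
    quarantined = []  # every object the tool reported copying to quarantine
    declared = None   # the tool's own "Detected object count"

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _tid, msg = m.groups()
        count = COUNT.match(msg)
        quar = QUARANTINE.match(msg)
        verdict = VERDICT.match(msg)
        if count:
            declared = int(count.group(1))
        elif quar:
            quarantined.append(quar.group("obj"))
        elif verdict:
            entry = detections.setdefault(
                verdict.group("obj"),
                {"threat": verdict.group("threat"), "events": []},
            )
            entry["events"].append((ts, verdict.group("status")))

    report = []
    for obj, entry in detections.items():
        statuses = [status for _, status in entry["events"]]
        action = next(
            (s.split(":", 1)[1].strip() for s in statuses
             if s.startswith("User select action:")),
            None,
        )
        report.append({
            "object": obj,
            "threat": entry["threat"],
            # True when the infected object is the disk itself (boot record), not a file.
            "raw_disk": bool(RAW_DISK.fullmatch(obj)),
            "first_seen": entry["events"][0][0],
            "action": action,
            # The cure is not applied until the machine restarts.
            "reboot_pending": any("on reboot" in s for s in statuses),
            "quarantined_items": sum(
                1 for q in quarantined if q == obj or q.startswith(obj + "\\")
            ),
        })

    return {
        "declared_count": declared,
        "detections": report,
        # Cross-check the parser against the tool's own summary line.
        "count_matches": declared == len(report),
    }


if __name__ == "__main__":
    for det in triage(SAMPLE_LOG)["detections"]:
        print(det)
```

A `reboot_pending` value of True with no later clean scan means the boot record has not yet been rewritten, which is why the helper's next step in the thread is a restart followed by further scans.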

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team

Posted 21 June 2012 - 05:05 PM

Hello,

Please restart your computer and run Combofix in Safemode.


Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 fmckinley


Posted 21 June 2012 - 08:59 PM

Okay, Combofix worked in safemode and identified this virus: Rootkit.ZeroAccess (It took about an hour.) The computer asked for a reboot, and then worked through the program again. It then rebooted and made a notice of generating a log (txt) file. I've searched the computer and can't find the log file. Sorry. Right now the computer seems to function well, and I'm not getting the Anti-Malware notice I was getting earlier.

#6 fireman4it


Posted 21 June 2012 - 09:17 PM

Hello,

Combofix file should be located at C:\Combofix.txt



#7 fmckinley


Posted 21 June 2012 - 09:23 PM

Sorry, it's not there. I might have exited the program too quickly after receiving the notice about generating the file.

#8 fireman4it


Posted 21 June 2012 - 09:26 PM

Please run it again and post the log



#9 fmckinley


Posted 21 June 2012 - 09:57 PM

Reran ComboFix and waited patiently this time. Log is attached. Thanks.




#10 fmckinley


Posted 21 June 2012 - 10:03 PM

Follow up: When I attempted to open the ComboFix.txt file on the affected computer, I received the following error: "Illegal operation attempted on a registry key that has been marked for deletion"

Never mind. I found that you simply need to reboot.

Edited by fmckinley, 21 June 2012 - 10:09 PM.


#11 fmckinley


Posted 22 June 2012 - 12:36 PM

I was able to run DDS. The results are attached.




#12 fireman4it


Posted 22 June 2012 - 06:24 PM

Hello,


Let's run a couple of other tools to make sure there are no leftovers.


1. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2. I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?



#13 fmckinley


Posted 23 June 2012 - 12:18 PM

Here are the log files for MalwareBytes and Eset. Everything seems good to me. Please let me know if you feel anything else should be done. Thank you.




#14 fireman4it


Posted 23 June 2012 - 12:28 PM

Hello, fmckinley.
Congratulations! You now appear clean! :cool:


Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    Posted Image

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".




Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.




One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.



#15 fmckinley


Posted 23 June 2012 - 01:36 PM

Bleepin' Fireman, I completed all steps you outlined and everything is running clean. Again I want to thank you for your assistance. I really appreciate your help. Blessings to you.



