ComboFix detects Rootkit Zero Access


This topic is locked
28 replies to this topic

#1 nylde.star

Posted 24 June 2012 - 01:57 AM

I'm so so so desperate. I can't get rid of the rootkit virus that has taken over my computer. I don't know what to do. I feel so helpless and I need to salvage this computer so badly. I can't even finish running ComboFix because every time it asks me to restart, when it finally does it is as if nothing happens. My computer is so slow and all my searches on the internet get so messed up. I really need someone's help on this. Please!!! Someone out there help me.


#2 CatByte
  • Malware Response Team

Posted 24 June 2012 - 12:47 PM

What is your operating system?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 nylde.star
  • Topic Starter

Posted 24 June 2012 - 02:15 PM

I have Vista Basic.

#4 CatByte
  • Malware Response Team

Posted 24 June 2012 - 02:52 PM

OK,

Please run the following:


Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 nylde.star
  • Topic Starter

Posted 24 June 2012 - 03:39 PM

Here are the results after I ran the Farbar Recovery Scan Tool...

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 24-06-2012 13:32:38
Running from D:\
Windows Vista ™ Home Basic (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [81920 2007-02-09] (Intel Corporation)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [151552 2006-09-29] (Intel Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] sttray.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe" [771360 2009-11-11] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\MainPC\...\Run: [Akamai] rundll32.exe "C:\Users\MainPC\AppData\Local\Google\Akamai\jrhrqrk.dll",CreateInstance [770048 2012-06-13] (Gracenote)
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\MainPC\...\Run: [Akamai] rundll32.exe "C:\Users\MainPC\AppData\Local\Google\Akamai\jrhrqrk.dll",CreateInstance [770048 2012-06-13] (Gracenote)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

================================ Services (Whitelisted) ==================

3 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2006-11-07] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
3 lxcg_device; C:\Windows\system32\lxcgcoms.exe -service [491520 2005-04-15] ()
2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]

========================== Drivers (Whitelisted) =============

3 DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
2 dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
3 HSXHWBS2; C:\Windows\System32\DRIVERS\HSXHWBS2.sys [258048 2006-10-18] (Conexant Systems, Inc.)
3 MOUSECONTROLLER; C:\Windows\System32\Drivers\AIMON.sys [30952 2011-11-01] (Windows ® Win 7 DDK provider)
3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-07] (SigmaTel, Inc.)
3 WT6563F; C:\Windows\System32\Drivers\WT6563F.sys [13120 2003-03-19] (Weltrend Semiconductor, Inc.)
3 W_MouseCombo; C:\Windows\System32\Drivers\W_MouseCombo.sys [32128 2009-11-10] (BANNCO CORP.)
3 catchme; \??\C:\Users\MainPC\AppData\Local\Temp\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-24 13:32 - 2012-06-24 13:32 - 00000000 ____D C:\FRST
2012-06-24 12:20 - 2012-06-24 12:18 - 00882236 ____A C:\Users\MainPC\Desktop\FRST.exe
2012-06-24 12:20 - 2012-06-24 12:18 - 00882236 ____A C:\Documents and Settings\MainPC\Desktop\FRST.exe
2012-06-23 21:33 - 2012-06-23 21:38 - 00000000 ___SD C:\ComboFix
2012-06-23 20:46 - 2012-06-23 20:46 - 00000000 ____D C:\_OTL
2012-06-23 20:04 - 2012-06-23 20:52 - 00046340 ____A C:\Users\MainPC\Desktop\Extras.Txt
2012-06-23 20:04 - 2012-06-23 20:52 - 00046340 ____A C:\Documents and Settings\MainPC\Desktop\Extras.Txt
2012-06-23 20:01 - 2012-06-23 20:50 - 00044574 ____A C:\Users\MainPC\Desktop\OTL.Txt
2012-06-23 20:01 - 2012-06-23 20:50 - 00044574 ____A C:\Documents and Settings\MainPC\Desktop\OTL.Txt
2012-06-23 19:36 - 2012-06-23 19:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-23 19:32 - 2012-06-23 19:42 - 04566424 ____R (Swearware) C:\Users\MainPC\Desktop\ComboFix.exe
2012-06-23 19:32 - 2012-06-23 19:42 - 04566424 ____R (Swearware) C:\Documents and Settings\MainPC\Desktop\ComboFix.exe
2012-06-23 19:32 - 2012-06-22 13:34 - 00044607 ____A C:\Users\MainPC\Desktop\bootkit_remover.zip
2012-06-23 19:32 - 2012-06-22 13:34 - 00044607 ____A C:\Documents and Settings\MainPC\Desktop\bootkit_remover.zip
2012-06-23 19:32 - 2012-06-22 13:33 - 04731392 ____A (AVAST Software) C:\Users\MainPC\Desktop\aswMBR.exe
2012-06-23 19:32 - 2012-06-22 13:33 - 04731392 ____A (AVAST Software) C:\Documents and Settings\MainPC\Desktop\aswMBR.exe
2012-06-23 19:32 - 2012-06-22 13:05 - 00595968 ____A (OldTimer Tools) C:\Users\MainPC\Desktop\OTL.exe
2012-06-23 19:32 - 2012-06-22 13:05 - 00595968 ____A (OldTimer Tools) C:\Documents and Settings\MainPC\Desktop\OTL.exe
2012-06-23 19:32 - 2012-06-22 12:46 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\MainPC\Desktop\tdsskiller.exe
2012-06-23 19:32 - 2012-06-22 12:46 - 02128472 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\MainPC\Desktop\tdsskiller.exe
2012-06-22 00:03 - 2012-06-22 00:03 - 00139672 ____A C:\Windows\Minidump\Mini062212-02.dmp
2012-06-21 23:55 - 2012-06-21 23:55 - 00139672 ____A C:\Windows\Minidump\Mini062212-01.dmp
2012-06-21 23:51 - 2012-06-21 23:51 - 00100736 ____A (GMER) C:\pwdiypog.sys
2012-06-21 22:18 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-21 22:18 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-21 22:18 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-21 22:18 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-21 22:18 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-21 22:18 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-21 22:18 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-21 22:18 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-21 22:11 - 2012-06-21 22:18 - 00000000 ____D C:\Qoobox
2012-06-21 18:53 - 2012-06-21 18:53 - 00143888 ____A C:\Windows\Minidump\Mini062112-01.dmp
2012-06-20 14:56 - 2012-06-20 14:56 - 00143888 ____A C:\Windows\Minidump\Mini062012-01.dmp
2012-06-18 23:47 - 2012-06-18 23:47 - 00143888 ____A C:\Windows\Minidump\Mini061912-01.dmp

============ 3 Months Modified Files and Folders ===============

2012-06-24 12:30 - 2006-11-02 04:58 - 00032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-24 12:30 - 2006-11-02 04:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-24 12:30 - 2006-11-02 04:45 - 00003552 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-24 12:30 - 2006-11-02 04:45 - 00003552 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-24 12:29 - 2010-06-03 19:36 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-24 12:29 - 2006-11-02 04:44 - 00289472 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-24 12:18 - 2012-06-24 12:20 - 00882236 ____A C:\Users\MainPC\Desktop\FRST.exe
2012-06-24 12:18 - 2012-06-24 12:20 - 00882236 ____A C:\Documents and Settings\MainPC\Desktop\FRST.exe
2012-06-24 12:18 - 2007-04-27 11:09 - 00006216 ____A C:\Users\MainPC\AppData\Local\d3d9caps.dat
2012-06-24 12:18 - 2007-04-27 11:09 - 00006216 ____A C:\Documents and Settings\MainPC\AppData\Local\d3d9caps.dat
2012-06-24 12:04 - 2007-04-24 04:58 - 01210921 ____A C:\Windows\WindowsUpdate.log
2012-06-24 12:01 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-24 12:00 - 2011-12-16 21:46 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-23 22:36 - 2007-04-24 05:27 - 00180842 ____A C:\Windows\PFRO.log
2012-06-23 21:38 - 2012-06-23 21:33 - 00000000 ___SD C:\ComboFix
2012-06-23 20:52 - 2012-06-23 20:04 - 00046340 ____A C:\Users\MainPC\Desktop\Extras.Txt
2012-06-23 20:52 - 2012-06-23 20:04 - 00046340 ____A C:\Documents and Settings\MainPC\Desktop\Extras.Txt
2012-06-23 20:50 - 2012-06-23 20:01 - 00044574 ____A C:\Users\MainPC\Desktop\OTL.Txt
2012-06-23 20:50 - 2012-06-23 20:01 - 00044574 ____A C:\Documents and Settings\MainPC\Desktop\OTL.Txt
2012-06-23 20:46 - 2012-06-23 20:46 - 00000000 ____D C:\_OTL
2012-06-23 20:46 - 2011-01-03 12:55 - 00000000 ____D C:\Program Files\Common Files\Akamai
2012-06-23 20:12 - 2007-04-26 22:44 - 00018508 ____A C:\Users\MainPC\AppData\Roaming\wklnhst.dat
2012-06-23 20:12 - 2007-04-26 22:44 - 00018508 ____A C:\Documents and Settings\MainPC\AppData\Roaming\wklnhst.dat
2012-06-23 19:51 - 2010-12-13 23:04 - 00000368 ____A C:\rkill.log
2012-06-23 19:47 - 2006-11-02 04:49 - 00109121 ____A C:\Windows\setupact.log
2012-06-23 19:42 - 2012-06-23 19:32 - 04566424 ____R (Swearware) C:\Users\MainPC\Desktop\ComboFix.exe
2012-06-23 19:42 - 2012-06-23 19:32 - 04566424 ____R (Swearware) C:\Documents and Settings\MainPC\Desktop\ComboFix.exe
2012-06-23 19:36 - 2012-06-23 19:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-23 18:28 - 2010-06-03 19:36 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-22 13:34 - 2012-06-23 19:32 - 00044607 ____A C:\Users\MainPC\Desktop\bootkit_remover.zip
2012-06-22 13:34 - 2012-06-23 19:32 - 00044607 ____A C:\Documents and Settings\MainPC\Desktop\bootkit_remover.zip
2012-06-22 13:33 - 2012-06-23 19:32 - 04731392 ____A (AVAST Software) C:\Users\MainPC\Desktop\aswMBR.exe
2012-06-22 13:33 - 2012-06-23 19:32 - 04731392 ____A (AVAST Software) C:\Documents and Settings\MainPC\Desktop\aswMBR.exe
2012-06-22 13:05 - 2012-06-23 19:32 - 00595968 ____A (OldTimer Tools) C:\Users\MainPC\Desktop\OTL.exe
2012-06-22 13:05 - 2012-06-23 19:32 - 00595968 ____A (OldTimer Tools) C:\Documents and Settings\MainPC\Desktop\OTL.exe
2012-06-22 12:46 - 2012-06-23 19:32 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\MainPC\Desktop\tdsskiller.exe
2012-06-22 12:46 - 2012-06-23 19:32 - 02128472 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\MainPC\Desktop\tdsskiller.exe
2012-06-22 00:03 - 2012-06-22 00:03 - 00139672 ____A C:\Windows\Minidump\Mini062212-02.dmp
2012-06-22 00:03 - 2007-07-23 11:12 - 00000000 ____D C:\Windows\Minidump
2012-06-22 00:03 - 2007-07-23 11:11 - 234303885 ____A C:\Windows\MEMORY.DMP
2012-06-21 23:55 - 2012-06-21 23:55 - 00139672 ____A C:\Windows\Minidump\Mini062212-01.dmp
2012-06-21 23:51 - 2012-06-21 23:51 - 00100736 ____A (GMER) C:\pwdiypog.sys
2012-06-21 22:18 - 2012-06-21 22:11 - 00000000 ____D C:\Qoobox
2012-06-21 22:14 - 2010-07-07 23:52 - 00000000 ____D C:\Windows\ERDNT
2012-06-21 18:53 - 2012-06-21 18:53 - 00143888 ____A C:\Windows\Minidump\Mini062112-01.dmp
2012-06-21 00:53 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\SchCache
2012-06-20 22:56 - 2007-04-28 12:16 - 00000000 ____D C:\Users\All Users\yahoo!
2012-06-20 22:56 - 2007-04-28 12:16 - 00000000 ____D C:\Users\All Users\Application Data\yahoo!
2012-06-20 22:56 - 2007-04-28 12:16 - 00000000 ____D C:\Documents and Settings\All Users\yahoo!
2012-06-20 22:56 - 2007-04-28 12:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\yahoo!
2012-06-20 22:56 - 2007-04-24 05:21 - 00000000 ____D C:\Program Files\Yahoo!
2012-06-20 22:54 - 2010-07-07 22:16 - 00000000 ____D C:\Program Files\Edlyn
2012-06-20 22:38 - 2011-05-26 20:00 - 00005901 ____A C:\Windows\IE9_main.log
2012-06-20 22:24 - 2007-04-28 12:15 - 00000150 ____A C:\YServer.txt
2012-06-20 14:56 - 2012-06-20 14:56 - 00143888 ____A C:\Windows\Minidump\Mini062012-01.dmp
2012-06-18 23:47 - 2012-06-18 23:47 - 00143888 ____A C:\Windows\Minidump\Mini061912-01.dmp
2012-06-13 23:06 - 2007-04-26 17:13 - 00000000 ____D C:\Users\MainPC\AppData\Local\Google
2012-06-13 23:06 - 2007-04-26 17:13 - 00000000 ____D C:\Documents and Settings\MainPC\AppData\Local\Google
2012-06-13 06:23 - 2007-04-26 17:13 - 00070544 ____A C:\Users\MainPC\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-13 06:23 - 2007-04-26 17:13 - 00070544 ____A C:\Documents and Settings\MainPC\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-29 15:58 - 2011-12-16 21:46 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-05-28 19:45 - 2012-05-23 11:35 - 00013824 ____A C:\Users\MainPC\Documents\STATION 300.xlr
2012-05-28 19:45 - 2012-05-23 11:35 - 00013824 ____A C:\Documents and Settings\MainPC\Documents\STATION 300.xlr
2012-05-23 18:41 - 2012-05-23 18:41 - 00000000 ____D C:\Users\MainPC\Documents\Mp3Skull
2012-05-23 18:41 - 2012-05-23 18:41 - 00000000 ____D C:\Documents and Settings\MainPC\Documents\Mp3Skull
2012-05-18 15:01 - 2007-04-26 17:40 - 00054272 ____A C:\Users\MainPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-18 15:01 - 2007-04-26 17:40 - 00054272 ____A C:\Documents and Settings\MainPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-18 14:51 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2012-04-28 21:57 - 2011-07-15 17:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-28 21:51 - 2012-04-28 21:51 - 00001626 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-28 21:51 - 2012-04-28 21:51 - 00001626 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk
2012-04-28 21:51 - 2012-04-28 21:50 - 00000000 ____D C:\Program Files\iTunes
2012-04-28 21:50 - 2012-04-28 21:50 - 00000000 ____D C:\Program Files\iPod
2012-04-28 21:50 - 2008-05-17 10:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-04-28 21:46 - 2007-04-26 17:11 - 00000000 ____D C:\users\MainPC
2012-04-04 14:56 - 2011-12-08 19:43 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-29 08:30 - 2012-03-29 08:30 - 00011264 ____A C:\Users\MainPC\Documents\Ida's new resume.wps
2012-03-29 08:30 - 2012-03-29 08:30 - 00011264 ____A C:\Documents and Settings\MainPC\Documents\Ida's new resume.wps
2012-03-29 08:27 - 2012-03-29 08:27 - 00011264 ____A C:\Users\MainPC\Documents\Idamae resume22.wps
2012-03-29 08:27 - 2012-03-29 08:27 - 00011264 ____A C:\Documents and Settings\MainPC\Documents\Idamae resume22.wps
2012-03-29 08:18 - 2012-03-29 08:18 - 00013824 ____A C:\Users\MainPC\Documents\Idamae resume2012.doc.wps
2012-03-29 08:18 - 2012-03-29 08:18 - 00013824 ____A C:\Documents and Settings\MainPC\Documents\Idamae resume2012.doc.wps


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 1013.32 MB
Available physical RAM: 809.58 MB
Total Pagefile: 978.16 MB
Available Pagefile: 861.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:288.05 GB) (Free:196.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:1.87 GB) (Free:1.8 GB) FAT32
4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.91 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1142 KB
Disk 1 Online 1926 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 288 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 X RECOVERY NTFS Partition 10 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 288 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1922 MB 4096 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 D FAT32 Removable 1922 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-24 12:21

======================= End Of Log ==========================
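As an added example that is not part of this thread and is not FRST's own code, the following Python script reads log lines in the shape of the FRST.txt pasted above and applies the checks a responder would otherwise do by eye: a Run, service or driver entry ending in [x] (FRST's marker for a file that no longer exists) is reported as an orphaned entry; an autorun that uses rundll32.exe to load a DLL from inside a user profile's AppData folder (the shape of the Akamai entry in the log) is reported because legitimate software rarely starts that way; a service or driver whose publisher field is empty, and any Bamital/volsnap check line that does not say "MD5 is legit", is reported for a second look. The sample lines are constructed to match the log's format, and the flagging rules are this example's own heuristics, not FRST's.

```python
# Added example, not from the thread or from FRST: a triage parser for FRST.txt
# lines of the shapes seen above (Run entries, services/drivers, MD5 checks).
# The flagging rules are this example's heuristics; the sample is constructed.
import re
from dataclasses import dataclass

# Constructed sample in the FRST.txt line format.
SAMPLE_LOG = r"""
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [81920 2007-02-09] (Intel Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] sttray.exe [x]
HKU\MainPC\...\Run: [Akamai] rundll32.exe "C:\Users\MainPC\AppData\Local\Google\Akamai\jrhrqrk.dll",CreateInstance [770048 2012-06-13] (Gracenote)
3 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2006-11-07] ()
3 catchme; \??\C:\Users\MainPC\AppData\Local\Temp\catchme.sys [x]
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# Every Run/service/driver line ends either with "[size date] (vendor)" or
# with "[x]", which FRST prints when the referenced file no longer exists.
TRAILER = (r'(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)'
           r'| \[(?P<missing>x)\])$')
RUN_RE = re.compile(r'^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\.\\Run: '
                    r'\[(?P<name>[^\]]+)\] (?P<cmd>.*?)' + TRAILER)
SVC_RE = re.compile(r'^(?P<start>\d) (?P<name>[^;]+); (?P<cmd>.*?)' + TRAILER)
MD5_RE = re.compile(r'^(?P<path>.+?) => (?P<verdict>.+)$')

# Heuristics (this example's, not FRST's): rundll32 loading a DLL from a user
# profile is unusual for legitimate autoruns; an empty publisher string on a
# service or driver deserves a look; anything but "MD5 is legit" on a core
# system binary means the file on disk is not the expected one.
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s', re.I)
USER_PROFILE_RE = re.compile(r'\\(?:Users|Documents and Settings)\\[^\\]+\\AppData\\', re.I)


@dataclass
class Finding:
    kind: str    # short rule identifier
    name: str    # Run value name, service/driver name, or file path
    detail: str  # the command line or verdict that triggered the rule


def triage_line(line: str) -> list:
    """Return the findings for one FRST log line (empty list if unremarkable)."""
    findings = []
    m = RUN_RE.match(line) or SVC_RE.match(line)
    if m:
        name, cmd, vendor = m['name'], m['cmd'], m['vendor']
        if m['missing']:
            findings.append(Finding('orphaned-entry', name,
                                    'target file missing ([x]); stale or partially removed'))
        else:
            if RUNDLL_RE.match(cmd) and USER_PROFILE_RE.search(cmd):
                findings.append(Finding('rundll32-user-profile-dll', name, cmd))
            if vendor == '':
                findings.append(Finding('no-publisher', name, cmd))
        return findings
    m = MD5_RE.match(line)
    if m and m['verdict'] != 'MD5 is legit':
        findings.append(Finding('system-file-not-verified', m['path'], m['verdict']))
    return findings


def triage_log(text: str) -> list:
    """Run triage_line over every non-empty line of a log, in order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print(f'{f.kind:28} {f.name}: {f.detail}')
```

Run against the constructed sample it reports the two [x] entries as orphaned, the Akamai rundll32 entry for loading a DLL out of AppData, and DSBrokerService for its empty publisher field, while the Intel entry and the two MD5 lines pass. The rules only narrow a log to lines worth examining; they do not decide what is malicious, which is why each finding carries the original command line or verdict.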

#6 CatByte
  • Malware Response Team

Posted 24 June 2012 - 03:50 PM

Delete the copy of ComboFix that you have on your desktop.

Download a fresh copy but rename it to svchost.exe before saving it to the desktop.

ComboFix download


Now boot into Safe Mode and run it.

Give it lots of time to complete, longer than you think it should take; wait until it produces a log.


To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safe Mode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 nylde.star
  • Topic Starter

Posted 24 June 2012 - 08:30 PM

I tried several times but without success. It keeps asking me to reboot after it has detected the rootkit, and after the computer restarts nothing happens. I've tried doing this both as a regular user and as administrator. I don't know how else to make ComboFix work. (Note that I did rename the file to svchost.exe before saving and then running the file from the desktop.) Please let me know what the next step should be.

#8 CatByte
  • Malware Response Team

Posted 24 June 2012 - 08:31 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 nylde.star
  • Topic Starter

Posted 24 June 2012 - 08:49 PM

Here are the results of the TDSSKiller scan...

18:41:07.0343 2972 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
18:41:07.0857 2972 ============================================================
18:41:07.0857 2972 Current date / time: 2012/06/24 18:41:07.0857
18:41:07.0857 2972 SystemInfo:
18:41:07.0857 2972
18:41:07.0857 2972 OS Version: 6.0.6002 ServicePack: 2.0
18:41:07.0857 2972 Product type: Workstation
18:41:07.0857 2972 ComputerName: MAINPC-PC
18:41:07.0857 2972 UserName: MainPC
18:41:07.0857 2972 Windows directory: C:\Windows
18:41:07.0857 2972 System windows directory: C:\Windows
18:41:07.0857 2972 Processor architecture: Intel x86
18:41:07.0857 2972 Number of processors: 2
18:41:07.0857 2972 Page size: 0x1000
18:41:07.0857 2972 Boot type: Normal boot
18:41:07.0857 2972 ============================================================
18:41:08.0419 2972 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:41:08.0435 2972 Drive \Device\Harddisk1\DR1 - Size: 0x78600000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:41:08.0435 2972 ============================================================
18:41:08.0435 2972 \Device\Harddisk0\DR0:
18:41:08.0435 2972 MBR partitions:
18:41:08.0435 2972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1400000
18:41:08.0435 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1414000, BlocksNum 0x2401A000
18:41:08.0435 2972 \Device\Harddisk1\DR1:
18:41:08.0450 2972 MBR partitions:
18:41:08.0450 2972 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x3C1000
18:41:08.0450 2972 ============================================================
18:41:08.0497 2972 C: <-> \Device\Harddisk0\DR0\Partition1
18:41:08.0528 2972 D: <-> \Device\Harddisk0\DR0\Partition0
18:41:08.0528 2972 ============================================================
18:41:08.0528 2972 Initialize success
18:41:08.0528 2972 ============================================================
18:41:32.0256 1472 ============================================================
18:41:32.0256 1472 Scan started
18:41:32.0256 1472 Mode: Manual; TDLFS;
18:41:32.0256 1472 ============================================================
18:41:32.0583 1472 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:41:32.0599 1472 ACPI - ok
18:41:32.0895 1472 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:41:32.0911 1472 AdobeARMservice - ok
18:41:33.0192 1472 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:41:33.0270 1472 adp94xx - ok
18:41:33.0317 1472 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:41:33.0348 1472 adpahci - ok
18:41:33.0379 1472 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:41:33.0410 1472 adpu160m - ok
18:41:33.0535 1472 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:41:33.0582 1472 adpu320 - ok
18:41:33.0660 1472 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:41:33.0660 1472 AeLookupSvc - ok
18:41:33.0972 1472 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:41:34.0065 1472 AFD - ok
18:41:34.0143 1472 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
18:41:34.0143 1472 agp440 - ok
18:41:34.0175 1472 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:41:34.0175 1472 aic78xx - ok
18:41:34.0190 1472 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:41:34.0190 1472 ALG - ok
18:41:34.0237 1472 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
18:41:34.0237 1472 aliide - ok
18:41:34.0268 1472 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
18:41:34.0284 1472 amdagp - ok
18:41:34.0299 1472 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
18:41:34.0299 1472 amdide - ok
18:41:34.0299 1472 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:41:34.0299 1472 AmdK7 - ok
18:41:34.0315 1472 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:41:34.0315 1472 AmdK8 - ok
18:41:34.0377 1472 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:41:34.0377 1472 Appinfo - ok
18:41:34.0471 1472 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:41:34.0471 1472 Apple Mobile Device - ok
18:41:34.0502 1472 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:41:34.0518 1472 arc - ok
18:41:34.0533 1472 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:41:34.0533 1472 arcsas - ok
18:41:34.0580 1472 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:41:34.0580 1472 AsyncMac - ok
18:41:34.0596 1472 atapi (9e7e85ec61d1c9c3171cc08427108863) C:\Windows\system32\drivers\atapi.sys
18:41:34.0596 1472 atapi - ok
18:41:46.0311 1472 ulsata2 - ok
18:41:46.0327 1472 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:41:46.0327 1472 umbus - ok
18:41:46.0374 1472 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:41:46.0374 1472 upnphost - ok
18:41:46.0405 1472 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
18:41:46.0405 1472 USBAAPL - ok
18:41:46.0436 1472 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
18:41:46.0436 1472 usbaudio - ok
18:41:46.0452 1472 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:41:46.0452 1472 usbccgp - ok
18:41:46.0467 1472 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:41:46.0467 1472 usbcir - ok
18:41:46.0514 1472 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:41:46.0514 1472 usbehci - ok
18:41:46.0545 1472 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:41:46.0561 1472 usbhub - ok
18:41:46.0577 1472 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:41:46.0577 1472 usbohci - ok
18:41:46.0592 1472 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:41:46.0592 1472 usbprint - ok
18:41:46.0623 1472 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
18:41:46.0639 1472 usbscan - ok
18:41:46.0655 1472 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:41:46.0655 1472 USBSTOR - ok
18:41:46.0686 1472 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:41:46.0686 1472 usbuhci - ok
18:41:46.0701 1472 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:41:46.0717 1472 UxSms - ok
18:41:46.0748 1472 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:41:46.0764 1472 vds - ok
18:41:46.0795 1472 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:41:46.0795 1472 vga - ok
18:41:46.0826 1472 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:41:46.0826 1472 VgaSave - ok
18:41:46.0842 1472 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
18:41:46.0842 1472 viaagp - ok
18:41:46.0842 1472 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:41:46.0842 1472 ViaC7 - ok
18:41:46.0857 1472 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
18:41:46.0873 1472 viaide - ok
18:41:46.0889 1472 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:41:46.0904 1472 volmgr - ok
18:41:46.0935 1472 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:41:46.0951 1472 volmgrx - ok
18:41:46.0982 1472 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:41:46.0998 1472 volsnap - ok
18:41:47.0013 1472 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:41:47.0013 1472 vsmraid - ok
18:41:47.0091 1472 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:41:47.0138 1472 VSS - ok
18:41:47.0169 1472 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:41:47.0169 1472 W32Time - ok
18:41:47.0216 1472 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:41:47.0216 1472 WacomPen - ok
18:41:47.0232 1472 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:41:47.0232 1472 Wanarp - ok
18:41:47.0247 1472 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:41:47.0247 1472 Wanarpv6 - ok
18:41:47.0294 1472 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:41:47.0310 1472 wcncsvc - ok
18:41:47.0341 1472 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:41:47.0341 1472 WcsPlugInService - ok
18:41:47.0357 1472 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:41:47.0357 1472 Wd - ok
18:41:47.0403 1472 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:41:47.0419 1472 Wdf01000 - ok
18:41:47.0450 1472 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:41:47.0450 1472 WdiServiceHost - ok
18:41:47.0450 1472 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:41:47.0450 1472 WdiSystemHost - ok
18:41:47.0481 1472 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:41:47.0497 1472 WebClient - ok
18:41:47.0528 1472 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:41:47.0544 1472 Wecsvc - ok
18:41:47.0575 1472 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:41:47.0575 1472 wercplsupport - ok
18:41:47.0606 1472 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:41:47.0606 1472 WerSvc - ok
18:41:47.0669 1472 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:41:47.0684 1472 winachsf - ok
18:41:47.0778 1472 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:41:47.0793 1472 WinDefend - ok
18:41:47.0793 1472 WinHttpAutoProxySvc - ok
18:41:47.0856 1472 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:41:47.0871 1472 Winmgmt - ok
18:41:47.0949 1472 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:41:47.0981 1472 WinRM - ok
18:41:48.0043 1472 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:41:48.0059 1472 Wlansvc - ok
18:41:48.0137 1472 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:41:48.0137 1472 WmiAcpi - ok
18:41:48.0168 1472 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:41:48.0168 1472 wmiApSrv - ok
18:41:48.0324 1472 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:41:48.0355 1472 WMPNetworkSvc - ok
18:41:48.0371 1472 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:41:48.0386 1472 WPCSvc - ok
18:41:48.0417 1472 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:41:48.0417 1472 WPDBusEnum - ok
18:41:48.0464 1472 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:41:48.0464 1472 WpdUsb - ok
18:41:48.0605 1472 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:41:48.0683 1472 WPFFontCache_v0400 - ok
18:41:48.0714 1472 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:41:48.0714 1472 ws2ifsl - ok
18:41:48.0745 1472 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
18:41:48.0761 1472 wscsvc - ok
18:41:48.0761 1472 WSearch - ok
18:41:48.0792 1472 WT6563F (c8b9288c7fb87899fa0ccbb6d32e95d0) C:\Windows\system32\Drivers\WT6563F.sys
18:41:48.0807 1472 WT6563F - ok
18:41:48.0901 1472 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:41:48.0948 1472 wuauserv - ok
18:41:49.0057 1472 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:41:49.0057 1472 WUDFRd - ok
18:41:49.0073 1472 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:41:49.0088 1472 wudfsvc - ok
18:41:49.0104 1472 W_MouseCombo (c7543fc204d53f3238141ab23d86c6c3) C:\Windows\system32\Drivers\W_MouseCombo.sys
18:41:49.0104 1472 W_MouseCombo - ok
18:41:49.0151 1472 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
18:41:49.0151 1472 XAudio - ok
18:41:49.0182 1472 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
18:41:49.0197 1472 XAudioService - ok
18:41:49.0213 1472 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:41:49.0478 1472 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:41:49.0478 1472 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:41:49.0478 1472 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
18:41:49.0743 1472 \Device\Harddisk1\DR1 - ok
18:41:49.0775 1472 Boot (0x1200) (4b722d3504582bd009efd40802a1d533) \Device\Harddisk0\DR0\Partition0
18:41:49.0775 1472 \Device\Harddisk0\DR0\Partition0 - ok
18:41:49.0775 1472 Boot (0x1200) (3513a3e968435215f2249ecb8768f034) \Device\Harddisk0\DR0\Partition1
18:41:49.0775 1472 \Device\Harddisk0\DR0\Partition1 - ok
18:41:49.0790 1472 Boot (0x1200) (3bf274cd596f5e9798cac3964d6a057b) \Device\Harddisk1\DR1\Partition0
18:41:49.0790 1472 \Device\Harddisk1\DR1\Partition0 - ok
18:41:49.0790 1472 ============================================================
18:41:49.0790 1472 Scan finished
18:41:49.0790 1472 ============================================================
18:41:49.0806 2932 Detected object count: 1
18:41:49.0806 2932 Actual detected object count: 1
18:42:44.0905 2932 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:42:44.0921 2932 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:42:44.0921 2932 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:42:44.0921 2932 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:42:44.0921 2932 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:42:44.0936 2932 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:42:44.0952 2932 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:42:44.0952 2932 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:42:44.0952 2932 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:42:44.0952 2932 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:42:44.0952 2932 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:42:44.0952 2932 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:42:44.0952 2932 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:42:44.0967 2932 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:42:44.0967 2932 \Device\Harddisk0\DR0\TDLFS - deleted
18:42:44.0967 2932 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
18:42:58.0758 3180 Deinitialize success

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:52 PM

Posted 24 June 2012 - 09:06 PM

good,

please give ComboFix another try now,

if it still won't run, please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs



#11 nylde.star

nylde.star
  • Topic Starter

  • Members
  • 15 posts
  • Local time:01:52 PM

Posted 25 June 2012 - 12:28 AM

Sorry there was a delay in my post. I ran the OTL twice but only came up with one log (missing the extra OTL). I'm going to delete the OTL and download a fresh one to try again. I will update in an hour. Thanks for the help and your patience.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:52 PM

Posted 25 June 2012 - 12:31 AM

the Extras.txt is only produced on the first run, so if you have run it before, you won't get another one



#13 nylde.star

nylde.star
  • Topic Starter

  • Members
  • 15 posts
  • Local time:01:52 PM

Posted 25 June 2012 - 01:06 AM

Oops. Looks like I messed that up. Is this going to create a problem? Here's the latest scan from the OTL...

OTL logfile created on: 6/24/2012 10:42:12 PM - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\MainPC\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.21 Mb Total Physical Memory | 565.69 Mb Available Physical Memory | 55.83% Memory free
2.23 Gb Paging File | 1.99 Gb Available in Paging File | 89.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 199.95 Gb Free Space | 69.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.91 Gb Free Space | 29.06% Space Free | Partition Type: NTFS

Computer Name: MAINPC-PC | User Name: MainPC | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/24 22:28:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\MainPC\Desktop\OTL.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/02/09 11:32:28 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/07 11:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/29 10:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/04/15 14:15:30 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MainPC\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/11/01 11:54:12 | 000,030,952 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AIMON.sys -- (MOUSECONTROLLER)
DRV - [2009/11/10 10:57:54 | 000,032,128 | ---- | M] (BANNCO CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\W_MouseCombo.sys -- (W_MouseCombo)
DRV - [2008/01/18 21:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/07 22:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/17 13:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2003/03/19 14:11:26 | 000,013,120 | ---- | M] (Weltrend Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WT6563F.sys -- (WT6563F)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-840426640-546980545-2102176797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-840426640-546980545-2102176797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-840426640-546980545-2102176797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-840426640-546980545-2102176797-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-840426640-546980545-2102176797-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-840426640-546980545-2102176797-1000\..\SearchScopes\{4003C81C-FB4F-441B-B7FE-9D5C373335CF}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120520,17118,0,18,0
IE - HKU\S-1-5-21-840426640-546980545-2102176797-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-840426640-546980545-2102176797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-840426640-546980545-2102176797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/06/22 14:56:58 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-840426640-546980545-2102176797-1000..\Run: [Akamai] C:\Users\MainPC\AppData\Local\Google\Akamai\jrhrqrk.dll (Gracenote)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-840426640-546980545-2102176797-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-840426640-546980545-2102176797-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-840426640-546980545-2102176797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8DED28-75EB-408E-904A-9053291EC61E}: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 22:28:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\MainPC\Desktop\OTL.exe
[2012/06/24 19:12:01 | 000,000,000 | --SD | C] -- C:\svchost.exe
[2012/06/24 18:20:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/06/24 18:17:16 | 004,567,243 | R--- | C] (Swearware) -- C:\Users\MainPC\Desktop\svchost.exe.exe
[2012/06/24 14:32:20 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/23 20:36:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/23 20:32:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\MainPC\Desktop\aswMBR.exe
[2012/06/22 00:51:37 | 000,100,736 | ---- | C] (GMER) -- C:\pwdiypog.sys
[2012/06/21 23:18:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/21 23:18:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/21 23:18:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/21 23:11:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/07 23:15:48 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MainPC\edlyn-setup.exe

========== Files - Modified Within 30 Days ==========

[2012/06/24 22:42:00 | 000,006,216 | ---- | M] () -- C:\Users\MainPC\AppData\Local\d3d9caps.dat
[2012/06/24 22:28:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\MainPC\Desktop\OTL.exe
[2012/06/24 22:21:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/24 22:19:05 | 000,003,552 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 22:19:05 | 000,003,552 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 22:19:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/24 21:28:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/24 19:23:45 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/24 19:23:45 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/24 19:17:19 | 000,289,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/24 18:40:20 | 002,109,806 | ---- | M] () -- C:\Users\MainPC\Desktop\tdsskiller.zip
[2012/06/24 18:25:38 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/24 18:17:16 | 004,567,243 | R--- | M] (Swearware) -- C:\Users\MainPC\Desktop\svchost.exe.exe
[2012/06/24 13:18:30 | 000,882,236 | ---- | M] () -- C:\Users\MainPC\Desktop\FRST.exe
[2012/06/23 21:12:25 | 000,018,508 | ---- | M] () -- C:\Users\MainPC\AppData\Roaming\wklnhst.dat
[2012/06/22 14:56:58 | 000,000,759 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/22 14:34:06 | 000,044,607 | ---- | M] () -- C:\Users\MainPC\Desktop\bootkit_remover.zip
[2012/06/22 14:33:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\MainPC\Desktop\aswMBR.exe
[2012/06/22 01:03:14 | 234,303,885 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/22 00:51:37 | 000,100,736 | ---- | M] (GMER) -- C:\pwdiypog.sys
[2012/05/29 16:58:21 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/28 20:45:18 | 000,013,824 | ---- | M] () -- C:\Users\MainPC\Documents\STATION 300.xlr

========== Files Created - No Company Name ==========

[2012/06/24 18:40:16 | 002,109,806 | ---- | C] () -- C:\Users\MainPC\Desktop\tdsskiller.zip
[2012/06/24 13:20:27 | 000,882,236 | ---- | C] () -- C:\Users\MainPC\Desktop\FRST.exe
[2012/06/23 20:32:31 | 000,044,607 | ---- | C] () -- C:\Users\MainPC\Desktop\bootkit_remover.zip
[2012/06/21 23:18:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/21 23:18:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/21 23:18:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/21 23:18:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/21 23:18:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 21:23:00 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\AppData\Local\{52D64BCC-7791-4514-931C-AA88C2659786}
[2011/12/29 19:54:56 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\AppData\Local\{8A5AE502-A4E6-4B1A-8629-7A0B03811BB7}
[2011/12/29 19:52:56 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\AppData\Local\{95773CE3-7B4B-4D01-8B6C-7C0B6164FDBE}
[2011/12/26 15:38:03 | 000,714,526 | ---- | C] () -- C:\Windows\unins000.exe
[2011/12/05 22:25:30 | 000,010,560 | -HS- | C] () -- C:\ProgramData\2185621650
[2011/12/04 13:35:24 | 000,010,622 | -HS- | C] () -- C:\Users\MainPC\AppData\Local\wvkcxr6a2gvi4ldd8cbe6e074c5r
[2011/12/04 13:35:24 | 000,010,622 | -HS- | C] () -- C:\ProgramData\wvkcxr6a2gvi4ldd8cbe6e074c5r
[2011/08/18 19:43:15 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\AppData\Local\{4E260792-A8FC-47E7-957E-4483A670F311}
[2011/06/11 13:43:49 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\defogger_reenable
[2010/09/07 10:20:09 | 000,004,504 | ---- | C] () -- C:\Windows\unins000.dat
[2008/11/17 11:51:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/04/27 12:09:29 | 000,006,216 | ---- | C] () -- C:\Users\MainPC\AppData\Local\d3d9caps.dat
[2007/04/26 23:44:28 | 000,018,508 | ---- | C] () -- C:\Users\MainPC\AppData\Roaming\wklnhst.dat
[2007/04/26 18:40:09 | 000,054,272 | ---- | C] () -- C:\Users\MainPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/02/24 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\MainPC\AppData\Roaming\Defense Center
[2012/03/04 18:39:45 | 000,000,000 | ---D | M] -- C:\Users\MainPC\AppData\Roaming\FrostWire
[2010/12/07 23:08:55 | 000,000,000 | ---D | M] -- C:\Users\MainPC\AppData\Roaming\ICAClient
[2008/12/03 18:44:42 | 000,000,000 | ---D | M] -- C:\Users\MainPC\AppData\Roaming\OpenOffice.org
[2010/12/28 19:52:32 | 000,000,000 | ---D | M] -- C:\Users\MainPC\AppData\Roaming\PCDr
[2011/08/01 10:05:43 | 000,000,000 | ---D | M] -- C:\Users\MainPC\AppData\Roaming\PeerNetworking
[2011/03/12 23:24:35 | 000,000,000 | ---D | M] -- C:\Users\MainPC\AppData\Roaming\SpinTop
[2010/07/29 10:32:10 | 000,000,000 | ---D | M] -- C:\Users\MainPC\AppData\Roaming\Template
[2007/04/27 21:38:10 | 000,000,000 | ---D | M] -- C:\Users\MainPC\AppData\Roaming\WildTangent
[2012/05/29 16:58:21 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/24 22:20:46 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/24 18:25:38 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 00:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/01/19 00:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 02:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Edlyn\Chameleon\svchost.exe
[2006/11/02 02:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 02:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Edlyn\Chameleon\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 02:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 00:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ST3320620AS
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 288.00GB
Starting Offset: 10779361280
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:52 PM

Posted 25 June 2012 - 01:16 AM

Hi,

Please run the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2011/12/29 21:23:00 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\AppData\Local\{52D64BCC-7791-4514-931C-AA88C2659786}
    [2011/12/29 19:54:56 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\AppData\Local\{8A5AE502-A4E6-4B1A-8629-7A0B03811BB7}
    [2011/12/29 19:52:56 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\AppData\Local\{95773CE3-7B4B-4D01-8B6C-7C0B6164FDBE}
    [2011/12/05 22:25:30 | 000,010,560 | -HS- | C] () -- C:\ProgramData\2185621650
    [2011/12/04 13:35:24 | 000,010,622 | -HS- | C] () -- C:\Users\MainPC\AppData\Local\wvkcxr6a2gvi4ldd8cbe6e074c5r
    [2011/12/04 13:35:24 | 000,010,622 | -HS- | C] () -- C:\ProgramData\wvkcxr6a2gvi4ldd8cbe6e074c5r
    [2011/08/18 19:43:15 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\AppData\Local\{4E260792-A8FC-47E7-957E-4483A670F311}
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT

Please retry ComboFix, see if it will run to completion now

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
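A small triage script for OTL log lines, added here as an example (it is not part of the thread, OTL, or CatByte's instructions). It encodes the indicators the fix above targets: a loopback ProxyServer under a system hive, hidden+system files with random names and no company, zero-byte {GUID} files in AppData\Local, and the same random-named file dropped in two places. The sample lines are copied from the log posted earlier; the name heuristics and thresholds are this example's own assumptions.

```python
"""Triage of OTL log lines for the indicators addressed in the fix above.

Added example, not part of the thread and not OTL's own code. It encodes the
judgement a helper applies when reading an OTL log: a loopback ProxyServer in a
user hive (here HKU\\S-1-5-18, the SYSTEM account), hidden+system (-HS-) files
with random-looking names and no company name, zero-byte {GUID} files in
AppData\\Local, and the same random-named file dropped in two directories.
The name heuristics and size thresholds are this example's assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# OTL file entry: [YYYY/MM/DD HH:MM:SS | 000,010,622 | -HS- | C] (Company) -- C:\path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL IE-settings line: IE - HKU\<sid>\...\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
PROXY_RE = re.compile(r'^IE - (?P<hive>HKU\\[^\\]+)\\.*"ProxyServer" = (?P<value>.+)$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class Finding:
    path: str
    reason: str


def random_looking(name: str) -> bool:
    """Names like those in the log: a long lowercase letter+digit blob, or all digits."""
    if re.fullmatch(r"[a-z0-9]{16,}", name):
        return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)
    return re.fullmatch(r"\d{8,}", name) is not None


def triage(lines):
    findings = []
    parents_by_name = defaultdict(set)  # random-named -HS- file -> directories it appears in
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            value = m.group("value")
            if "127.0.0.1" in value or "localhost" in value:
                findings.append(Finding(m.group("hive"), f"loopback proxy set: {value}"))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue  # directory entries, LOP/MD5 lines and prose are not file entries
        size = int(m.group("size").replace(",", ""))
        attrs, path = m.group("attrs"), m.group("path")
        parent, _, name = path.rpartition("\\")
        parent = parent.lower()
        if "H" in attrs and "S" in attrs and not m.group("company").strip() and random_looking(name):
            findings.append(Finding(path, f"hidden+system file with random name ({size} bytes)"))
            parents_by_name[name].add(parent)
        elif size == 0 and GUID_RE.fullmatch(name) and parent.endswith("appdata\\local"):
            findings.append(Finding(path, "zero-byte {GUID} file in AppData\\Local"))
    for name, parents in parents_by_name.items():
        if len(parents) > 1:
            findings.append(Finding(name, "same random-named file in " + " and ".join(sorted(parents))))
    return findings


# Sample lines copied from the OTL log posted above, plus benign ones for contrast.
SAMPLE_LOG = [
    r'IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810',
    r"[2012/06/21 23:18:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe",
    r"[2012/06/21 23:18:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2011/12/29 21:23:00 | 000,000,000 | ---- | C] () -- C:\Users\MainPC\AppData\Local\{52D64BCC-7791-4514-931C-AA88C2659786}",
    r"[2011/12/05 22:25:30 | 000,010,560 | -HS- | C] () -- C:\ProgramData\2185621650",
    r"[2011/12/04 13:35:24 | 000,010,622 | -HS- | C] () -- C:\Users\MainPC\AppData\Local\wvkcxr6a2gvi4ldd8cbe6e074c5r",
    r"[2011/12/04 13:35:24 | 000,010,622 | -HS- | C] () -- C:\ProgramData\wvkcxr6a2gvi4ldd8cbe6e074c5r",
    r"[2008/11/17 11:51:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol",
    r"[2012/06/23 20:36:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Run against the sample it reports the proxy, the zero-byte {GUID} file, the three -HS- entries and the paired wvkcxr... drop, and stays silent on SWREG.exe, PEV.exe and ntuser.pol.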


#15 nylde.star

nylde.star
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:52 PM

Posted 25 June 2012 - 01:26 AM

Here is the log after I ran OTL with the 'fix'. I'm going to try to run ComboFix now from my desktop and will update you on that shortly...

All processes killed
========== OTL ==========
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\Users\MainPC\AppData\Local\{52D64BCC-7791-4514-931C-AA88C2659786} moved successfully.
C:\Users\MainPC\AppData\Local\{8A5AE502-A4E6-4B1A-8629-7A0B03811BB7} moved successfully.
C:\Users\MainPC\AppData\Local\{95773CE3-7B4B-4D01-8B6C-7C0B6164FDBE} moved successfully.
C:\ProgramData\2185621650 moved successfully.
C:\Users\MainPC\AppData\Local\wvkcxr6a2gvi4ldd8cbe6e074c5r moved successfully.
C:\ProgramData\wvkcxr6a2gvi4ldd8cbe6e074c5r moved successfully.
C:\Users\MainPC\AppData\Local\{4E260792-A8FC-47E7-957E-4483A670F311} moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\MainPC\Desktop\cmd.bat deleted successfully.
C:\Users\MainPC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MainPC
->Temp folder emptied: 60006220 bytes
->Temporary Internet Files folder emptied: 239651096 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 212 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 286.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06242012_231941

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



