Sirefef virus help please


23 replies to this topic

#1 mikehill200

  • Members
  • 12 posts

Posted 13 July 2012 - 02:30 PM

Looks like I'm another victim of the Sirefef virus. Microsoft Security Essentials tells me I'm infected with many variants of Sirefef, including Sirefef.R, Sirefef.AB, and Sirefef.AH.

My PC is now stuck in the error loop of restarting every 60 seconds, even in safe mode. The error message I receive is: "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."

I tried to abort the system shutdown via command prompt: "shutdown a/", but that didn't work. Therefore, I'm stuck in this restart loop and unable to troubleshoot/proceed further without assistance.

The infected PC is an older Acer, running Windows Vista, 32 bit.

I have read other threads and have already done the following:

1) Downloaded and ran Farbar Recovery Scan.


= = = = = = = = = = = = = = = = = = Here Are The Results = = = = = = = = = = = = = = = = = = = = = = = = = =

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 13-07-2012
Ran by Owner at 13-07-2012 14:13:32
Running from E:\
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============


============ 3 Months Modified Files ========================



ZeroAccess:
C:\Windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}
C:\Windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\@
C:\Windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\L
C:\Windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\n
C:\Windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U
C:\Windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\80000000.@
C:\Windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\800000cb.@

ZeroAccess:
C:\Users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}
C:\Users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\@
C:\Users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\L
C:\Users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\n
C:\Users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U
C:\Users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\80000000.@
C:\Users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\800000cb.@

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3070.38 MB
Available physical RAM: 2554.84 MB
Total Pagefile: 6341.79 MB
Available Pagefile: 6006.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:456 GB) (Free:110 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:1.91 GB) (Free:1.81 GB) FAT

DiskPart has encountered an error: The RPC server is unavailable.
See the System Event Log for more information.


==========================================================

Last Boot: 2012-07-13 09:56

======================= End Of Log ==========================
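As an added illustration (not from the thread, and not FRST's own code), a small Python parser for the FRST log layout shown above that pulls out the lines a helper acts on: the ZeroAccess path block, a folder literally named %APPDATA% created under System32, and any file in the Bamital & volsnap check whose MD5 is not reported as legit. The excerpt it runs on is constructed from a few lines of the log above.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the FRST log layout used above (a few lines taken from the
# posted log, not the full log). Paths and the hash are the ones shown in the thread.
SAMPLE_LOG = r"""
============ One Month Created Files and Folders ==============

2012-07-13 14:13 - 2012-07-13 14:13 - 00000000 ____D C:\FRST
2012-07-12 22:15 - 2012-07-12 22:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-12 01:03 - 2012-06-13 08:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

ZeroAccess:
C:\Windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}
C:\Windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\80000000.@

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# File entry: "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$"
)
# Hash-check entry: "<path> => MD5 is legit"  or  "<path> <MD5> <note>"
MD5_RE = re.compile(
    r"^(?P<path>\S+) (?:=> MD5 is legit|(?P<md5>[0-9A-Fa-f]{32}) (?P<note>.+))$"
)
# A folder literally named like an environment variable, e.g. "\%APPDATA%"
ENV_DIR_RE = re.compile(r"\\%[A-Za-z_]+%(?:\\|$)")


@dataclass
class Finding:
    kind: str
    path: str
    detail: str


def parse_frst(text: str) -> list[Finding]:
    """Walk an FRST log and return the entries worth a helper's attention."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if section == "zeroaccess":   # the ZeroAccess block ends at a blank line
                section = ""
            continue
        if line.startswith("===="):       # section banner, e.g. "===== Bamital & volsnap Check ====="
            section = line.strip("= ").lower()
            continue
        if line == "ZeroAccess:":
            section = "zeroaccess"
            continue
        if section == "zeroaccess":
            findings.append(Finding("zeroaccess_path", line, "listed by FRST's ZeroAccess check"))
            continue
        if "bamital" in section:
            m = MD5_RE.match(line)
            if m and m.group("md5"):      # only lines that did NOT pass the MD5 check
                findings.append(Finding("md5_mismatch", m.group("path"),
                                        f"{m.group('md5')} {m.group('note')}"))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(6)
            if ENV_DIR_RE.search(path):
                findings.append(Finding("literal_env_folder", path,
                                        f"attrs={attrs}; variable name used as a real folder"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. {'zeroaccess_path': 2, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_frst(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:20} {f.path}  [{f.detail}]")
    print(summarize(found))
```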

#2 mikehill200

  • Topic Starter
  • Members
  • 12 posts

Posted 13 July 2012 - 03:01 PM

To further help things along I went ahead and tried to run this:


= = = = = = = = = = = = = = = = = = = = = = =

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

= = = = = = = = = = = = = = = = = = = = = = =

However, my system restarted before the search was completed.

Here is a screen capture of what Security Essentials reported.

Edited by mikehill200, 13 July 2012 - 05:37 PM.


#3 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 13 July 2012 - 11:57 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 mikehill200

  • Topic Starter
  • Members
  • 12 posts

Posted 14 July 2012 - 12:19 AM

My computer timed out and the system restarted before it had a chance to complete the process you described above. This is what was on the file.


Farbar Recovery Scan Tool Version: 13-07-2012
Ran by Owner at 2012-07-14 00:15:58
Running from E:\

================== Search: "services.exe" ===================

#5 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 14 July 2012 - 08:19 AM

It is important that you follow these instructions to get the report from FRST; if not, the fixes later will not work.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#6 mikehill200

  • Topic Starter
  • Members
  • 12 posts

Posted 14 July 2012 - 10:04 AM

Before I carry this last instruction out I have a question.

When I tap the F8 key after BIOS has loaded I go into the Advanced Boot Options screen. In there it gives me several choices to consider but none of them are the Repair your computer menu item.

Here are the options I do get:

Safe mode
Safe Mode with Networking
Safe Mode with Command Prompt

Enable Boot Logging
Enable Low-Resolution video (640x480)
Last known good configuration (advanced)
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver signature Enforcement

Start Windows normally

To get the first FRST report I used Safe Mode with Command Prompt and that option timed out before the Services report could complete. Maybe I need to use a different option from the above menu.

Edited by mikehill200, 14 July 2012 - 10:05 AM.


#7 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 14 July 2012 - 11:06 AM

Greetings

Do you have the install disk? Because it sounds like that is what will need to be used to get to the mode we need to enter.

Gringo

#8 mikehill200

  • Topic Starter
  • Members
  • 12 posts

Posted 14 July 2012 - 11:09 AM

Unfortunately I do not. A few years ago I had my computer repaired and a new motherboard put in. They installed Windows Vista Home Premium but the only disk they provided was the Asus motherboard chipset support DVD. If need be I can try to locate a Windows Vista Home Premium disk from one of my friends if that's what it's going to take. Needless to say, I will not be going back to the repair company I used.

#9 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 14 July 2012 - 11:36 AM

Hello

Try running this. It may take a few tries, as Windows is trying to close down on you, but maybe after a time or two it will run.


In the meantime, start looking for the disk from a friend in case we can't get anything else to work.



Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 mikehill200

mikehill200
  • Topic Starter

  • Members
  • 12 posts

Posted 14 July 2012 - 03:25 PM

Whew holy hell... I learned my lesson about Auto Start software. LOL :| After 8 auto reboots I was able to disable the autostart programs on my machine to buy some more time for ComboFix to start and go through its thing. Well that trick worked.

Computer is not auto restarting anymore (THANK YOU)

ComboFix was able to go through the process and here is the Log Report.



ComboFix 12-07-14.01 - Owner 14/07/2012 15:00:39.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.2158 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\@
c:\users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\n
c:\users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\00000001.@
c:\users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\80000000.@
c:\users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\800000cb.@
c:\users\Owner\AppData\Roaming\Help\coredb\storage
c:\users\Owner\g2mdlhlpx.exe
c:\users\Owner\GoToAssistDownloadHelper.exe
c:\windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\@
c:\windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\n
c:\windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\00000001.@
c:\windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\80000000.@
c:\windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\800000cb.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 20:15 . 2012-07-14 20:15 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3525D69A-2A6E-4D23-BFD2-0FEA2E011CEB}\offreg.dll
2012-07-14 20:12 . 2012-07-14 20:15 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-07-14 20:12 . 2012-07-14 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 19:13 . 2012-07-14 15:45 -------- d-----w- C:\FRST
2012-07-13 15:05 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8932608-45E3-487A-8A47-FA1FC5393F2C}\gapaengine.dll
2012-07-13 15:04 . 2012-06-18 08:14 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3525D69A-2A6E-4D23-BFD2-0FEA2E011CEB}\mpengine.dll
2012-07-13 15:02 . 2012-07-13 15:03 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-13 03:15 . 2012-07-13 03:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-12 18:03 . 2012-07-12 18:10 -------- d-----w- c:\users\Owner\AppData\Local\Research In Motion
2012-07-12 18:03 . 2012-07-12 18:03 -------- d-----w- c:\users\Owner\AppData\Roaming\Research In Motion
2012-07-12 18:01 . 2011-07-20 20:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-07-12 18:00 . 2012-07-12 18:00 -------- d-----w- c:\programdata\Research In Motion
2012-07-12 18:00 . 2012-07-12 18:00 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-07-12 18:00 . 2012-07-12 18:00 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
2012-07-12 18:00 . 2012-07-12 18:00 -------- d-----w- c:\program files\Research In Motion
2012-07-12 06:03 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:58 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 18:58 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 18:58 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 18:58 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 18:58 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 18:58 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 03:26 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-10 03:26 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-10 03:26 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-10 03:26 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-10 03:26 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-10 03:26 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-10 03:26 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-10 03:26 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-10 03:26 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:58 . 2012-05-29 15:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:58 . 2011-05-19 21:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-25 05:09 . 2012-05-25 05:09 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-25 05:09 . 2010-07-12 23:50 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 06:37 . 2012-06-13 20:59 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-13 20:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 20:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 20:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 20:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-13 20:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-13 20:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 20:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03 . 2012-06-13 20:59 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 20:59 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 20:59 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-23 16:00 . 2012-06-13 20:59 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-10 13:57 . 2011-04-20 23:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=c:\windows\pss\SnagIt 8.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 22:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 23:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConferenceRS]
2011-05-26 16:15 4191424 ----a-w- c:\windows\ConferenceRS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 22:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 02:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 07:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-04-05 16:42 17356424 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3484645017-3124237956-2899751197-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 15:58]
.
2012-07-14 c:\windows\Tasks\User_Feed_Synchronization-{A89FAD69-B13F-423B-AEAE-98AF91195DFD}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=50.72.152.122
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hf1zlimo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - file:///C:/Users/Owner/Documents/My%20Webs/AFFILIATE%20COMMAND%20CENTER/affiliate_command_center.htm
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3484645017-3124237956-2899751197-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B933857-935B-CE71-73FC-F7FF60A1EFC1}*]
@Allowed: (Read) (RestrictedCode)
"iabapeamckecnadonk"=hex:63,62,6d,70,69,67,62,70,67,6b,70,61,62,6d,6f,6f,69,66,
6d,6a,6b,65,62,70,66,6c,70,68,67,65,67,6f,68,62,62,66,6f,6c,00,00
"hahkjiefkjaggkic"=hex:63,62,6d,70,69,67,62,70,67,6b,70,61,62,6d,70,6f,6e,66,
64,69,70,6b,67,67,6c,6c,64,61,6f,69,67,66,6f,6f,64,6a,62,6a,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atiesrxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-07-14 15:22:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 20:22
.
Pre-Run: 114,627,555,328 bytes free
Post-Run: 114,234,834,944 bytes free
.
- - End Of File - - 68DADFB23087510D8EBA006C27A20B6A

Edited by mikehill200, 14 July 2012 - 03:26 PM.
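
A defender-side triage script for the ComboFix report above, added here as an example; it is not part of the thread, of ComboFix, or of any BleepingComputer tool. It walks the report's sections and flags the Sirefef/ZeroAccess drop folders (the GUID-named directory holding `@`, `n` and `U\xxxxxxxx.@` files under AppData\Local and Windows\Installer), the disinfected services.exe, the proxy server forced into Internet Settings, and the Firefox user.js entries that switch off its security warnings. The indicator rules are my assumptions drawn from the report's layout, and the sample input is an excerpt of the log above.

```python
"""Triage a pasted ComboFix report for Sirefef/ZeroAccess indicators.

Added example for this thread; not ComboFix code. The rules below are
assumptions based on the report's layout: a GUID-named folder holding
"@", "n" and "U\\<8 hex>.@" files under AppData\\Local or Windows\\Installer,
a disinfected system binary, a proxy forced into Internet Settings, and
Firefox user.js entries that switch off its security warnings."""
import re

# Section banners look like "(((( Name ))))" or "------- Name -------".
SECTION = re.compile(r"^(?:\(+\s*(?P<a>.+?)\s*\)+|-{3,}\s*(?P<b>.+?)\s*-{3,})$")
# ZeroAccess drop layout: {GUID}\@ , {GUID}\n , {GUID}\U\<8 hex digits>.@
ZA_PATH = re.compile(
    r"\\(?:appdata\\local|windows\\installer)\\"
    r"\{(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}"
    r"\\(?:@|n|u\\[0-9a-f]{8}\.@)$",
    re.IGNORECASE,
)
INFECTED = re.compile(r"^Infected copy of (?P<path>.+?) was found", re.IGNORECASE)
PROXY = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
FF_USERJS = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>\S+)$")


def triage(report: str) -> dict:
    """Walk the report line by line and collect the indicators.

    Returns zeroaccess_paths as (section, path) pairs, zeroaccess_guids as a
    sorted list, infected_system_files, proxy_server (None if unset) and the
    Firefox security.warn_* prefs that user.js forces to false."""
    found = {
        "zeroaccess_paths": [],
        "zeroaccess_guids": set(),
        "infected_system_files": [],
        "proxy_server": None,
        "silenced_ff_warnings": [],
    }
    section = "header"
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix pads its sections with lone "." lines
        m = SECTION.match(line)
        if m:
            section = m.group("a") or m.group("b")
            continue
        m = ZA_PATH.search(line)
        if m:
            found["zeroaccess_paths"].append((section, line))
            found["zeroaccess_guids"].add(m.group("guid").lower())
            continue
        m = INFECTED.match(line)
        if m:
            found["infected_system_files"].append(m.group("path").lower())
            continue
        m = PROXY.match(line)
        if m:
            found["proxy_server"] = m.group("value")
            continue
        m = FF_USERJS.match(line)
        if m and m.group("pref").startswith("security.warn_") and m.group("value") == "false":
            found["silenced_ff_warnings"].append(m.group("pref"))
    found["zeroaccess_guids"] = sorted(found["zeroaccess_guids"])
    return found


# Excerpt of the report pasted above, trimmed to the lines the rules act on.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\LP
c:\users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\@
c:\users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\n
c:\users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\00000001.@
c:\users\Owner\AppData\Local\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\80000000.@
c:\users\Owner\AppData\Roaming\Help\coredb\storage
c:\windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\@
c:\windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\n
c:\windows\Installer\{cad24438-812f-0415-1a6b-d2dea1bcfae9}\U\00000001.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=50.72.152.122
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```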


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 04:42 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 mikehill200

mikehill200
  • Topic Starter

  • Members
  • 12 posts

Posted 14 July 2012 - 05:07 PM

TDSSKiller REPORT

16:50:57.0831 0276 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
16:50:58.0221 0276 ============================================================
16:50:58.0221 0276 Current date / time: 2012/07/14 16:50:58.0221
16:50:58.0221 0276 SystemInfo:
16:50:58.0221 0276
16:50:58.0221 0276 OS Version: 6.0.6002 ServicePack: 2.0
16:50:58.0221 0276 Product type: Workstation
16:50:58.0221 0276 ComputerName: OWNER-PC
16:50:58.0221 0276 UserName: Owner
16:50:58.0221 0276 Windows directory: C:\Windows
16:50:58.0221 0276 System windows directory: C:\Windows
16:50:58.0221 0276 Processor architecture: Intel x86
16:50:58.0221 0276 Number of processors: 4
16:50:58.0221 0276 Page size: 0x1000
16:50:58.0221 0276 Boot type: Normal boot
16:50:58.0221 0276 ============================================================
16:50:59.0734 0276 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:50:59.0734 0276 Drive \Device\Harddisk1\DR1 - Size: 0x7A300000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:50:59.0734 0276 ============================================================
16:50:59.0734 0276 \Device\Harddisk0\DR0:
16:50:59.0734 0276 MBR partitions:
16:50:59.0734 0276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1385000, BlocksNum 0x39000800
16:50:59.0734 0276 \Device\Harddisk1\DR1:
16:50:59.0734 0276 MBR partitions:
16:50:59.0734 0276 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x3D0, BlocksNum 0x3D1430
16:50:59.0734 0276 ============================================================
16:50:59.0765 0276 C: <-> \Device\Harddisk0\DR0\Partition0
16:50:59.0765 0276 ============================================================
16:50:59.0765 0276 Initialize success
16:50:59.0765 0276 ============================================================
16:51:01.0590 1268 ============================================================
16:51:01.0590 1268 Scan started
16:51:01.0590 1268 Mode: Manual;
16:51:01.0590 1268 ============================================================
16:51:02.0994 1268 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:51:02.0994 1268 ACPI - ok
16:51:03.0182 1268 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:51:03.0306 1268 AdobeFlashPlayerUpdateSvc - ok
16:51:03.0478 1268 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:51:03.0494 1268 adp94xx - ok
16:51:03.0540 1268 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:51:03.0540 1268 adpahci - ok
16:51:03.0556 1268 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:51:03.0572 1268 adpu160m - ok
16:51:03.0587 1268 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:51:03.0587 1268 adpu320 - ok
16:51:03.0618 1268 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:51:03.0618 1268 AeLookupSvc - ok
16:51:03.0681 1268 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:51:03.0696 1268 AFD - ok
16:51:03.0728 1268 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:51:03.0728 1268 agp440 - ok
16:51:03.0759 1268 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:51:03.0759 1268 aic78xx - ok
16:51:03.0790 1268 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:51:03.0790 1268 ALG - ok
16:51:03.0806 1268 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:51:03.0806 1268 aliide - ok
16:51:03.0868 1268 AMD External Events Utility (2a6c17dcf9138de28ce141794484b128) C:\Windows\system32\atiesrxx.exe
16:51:03.0868 1268 AMD External Events Utility - ok
16:51:03.0884 1268 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:51:03.0899 1268 amdagp - ok
16:51:03.0915 1268 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:51:03.0915 1268 amdide - ok
16:51:03.0915 1268 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:51:03.0930 1268 AmdK7 - ok
16:51:03.0930 1268 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:51:03.0930 1268 AmdK8 - ok
16:51:04.0242 1268 amdkmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys
16:51:04.0336 1268 amdkmdag - ok
16:51:04.0430 1268 amdkmdap (31de9b1ceaa9e25b141232f7f1443239) C:\Windows\system32\DRIVERS\atikmpag.sys
16:51:04.0445 1268 amdkmdap - ok
16:51:04.0476 1268 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:51:04.0476 1268 Appinfo - ok
16:51:04.0586 1268 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:51:04.0586 1268 Apple Mobile Device - ok
16:51:04.0648 1268 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:51:04.0664 1268 arc - ok
16:51:04.0726 1268 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:51:04.0742 1268 arcsas - ok
16:51:04.0773 1268 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:51:04.0773 1268 AsyncMac - ok
16:51:04.0788 1268 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:51:04.0788 1268 atapi - ok
16:51:05.0100 1268 atikmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys
16:51:05.0147 1268 atikmdag - ok
16:51:05.0256 1268 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:51:05.0272 1268 AudioEndpointBuilder - ok
16:51:05.0272 1268 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:51:05.0272 1268 Audiosrv - ok
16:51:05.0319 1268 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:51:05.0319 1268 Beep - ok
16:51:05.0381 1268 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
16:51:05.0381 1268 BFE - ok
16:51:05.0412 1268 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:51:05.0412 1268 blbdrive - ok
16:51:05.0522 1268 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
16:51:05.0537 1268 Bonjour Service - ok
16:51:05.0584 1268 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:51:05.0584 1268 bowser - ok
16:51:05.0631 1268 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:51:05.0631 1268 BrFiltLo - ok
16:51:05.0646 1268 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:51:05.0646 1268 BrFiltUp - ok
16:51:05.0662 1268 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:51:05.0662 1268 Browser - ok
16:51:05.0693 1268 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:51:05.0693 1268 Brserid - ok
16:51:05.0724 1268 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:51:05.0724 1268 BrSerWdm - ok
16:51:05.0740 1268 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:51:05.0740 1268 BrUsbMdm - ok
16:51:05.0756 1268 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:51:05.0756 1268 BrUsbSer - ok
16:51:05.0756 1268 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:51:05.0771 1268 BTHMODEM - ok
16:51:05.0896 1268 catchme - ok
16:51:05.0927 1268 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:51:05.0927 1268 cdfs - ok
16:51:06.0021 1268 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:51:06.0036 1268 cdrom - ok
16:51:06.0068 1268 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:51:06.0068 1268 CertPropSvc - ok
16:51:06.0083 1268 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:51:06.0083 1268 circlass - ok
16:51:06.0099 1268 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:51:06.0114 1268 CLFS - ok
16:51:06.0161 1268 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:51:06.0161 1268 clr_optimization_v2.0.50727_32 - ok
16:51:06.0177 1268 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:51:06.0208 1268 clr_optimization_v4.0.30319_32 - ok
16:51:06.0224 1268 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:51:06.0224 1268 cmdide - ok
16:51:06.0239 1268 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
16:51:06.0239 1268 Compbatt - ok
16:51:06.0255 1268 COMSysApp - ok
16:51:06.0270 1268 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:51:06.0270 1268 crcdisk - ok
16:51:06.0286 1268 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:51:06.0286 1268 Crusoe - ok
16:51:06.0348 1268 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
16:51:06.0364 1268 CryptSvc - ok
16:51:06.0411 1268 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:51:06.0411 1268 DcomLaunch - ok
16:51:06.0551 1268 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:51:06.0567 1268 DfsC - ok
16:51:06.0879 1268 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
16:51:06.0941 1268 DFSR - ok
16:51:07.0035 1268 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
16:51:07.0035 1268 Dhcp - ok
16:51:07.0066 1268 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:51:07.0066 1268 disk - ok
16:51:07.0128 1268 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
16:51:07.0144 1268 Dnscache - ok
16:51:07.0175 1268 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
16:51:07.0175 1268 dot3svc - ok
16:51:07.0238 1268 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:51:07.0238 1268 Dot4 - ok
16:51:07.0269 1268 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:51:07.0269 1268 Dot4Print - ok
16:51:07.0284 1268 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:51:07.0300 1268 dot4usb - ok
16:51:07.0331 1268 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:51:07.0331 1268 DPS - ok
16:51:07.0378 1268 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:51:07.0378 1268 drmkaud - ok
16:51:07.0440 1268 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:51:07.0456 1268 DXGKrnl - ok
16:51:07.0503 1268 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:51:07.0503 1268 E1G60 - ok
16:51:07.0534 1268 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:51:07.0534 1268 EapHost - ok
16:51:07.0565 1268 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:51:07.0565 1268 Ecache - ok
16:51:07.0612 1268 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:51:07.0674 1268 ehRecvr - ok
16:51:07.0690 1268 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:51:07.0721 1268 ehSched - ok
16:51:07.0737 1268 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:51:07.0752 1268 ehstart - ok
16:51:07.0815 1268 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:51:07.0815 1268 elxstor - ok
16:51:07.0862 1268 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
16:51:07.0877 1268 EMDMgmt - ok
16:51:07.0908 1268 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:51:07.0908 1268 ErrDev - ok
16:51:07.0955 1268 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
16:51:07.0955 1268 EventSystem - ok
16:51:08.0002 1268 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:51:08.0002 1268 exfat - ok
16:51:08.0033 1268 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:51:08.0033 1268 fastfat - ok
16:51:08.0080 1268 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:51:08.0080 1268 fdc - ok
16:51:08.0111 1268 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:51:08.0111 1268 fdPHost - ok
16:51:08.0111 1268 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:51:08.0111 1268 FDResPub - ok
16:51:08.0142 1268 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:51:08.0142 1268 FileInfo - ok
16:51:08.0174 1268 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:51:08.0174 1268 Filetrace - ok
16:51:08.0298 1268 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:51:08.0330 1268 FLEXnet Licensing Service - ok
16:51:08.0345 1268 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:51:08.0345 1268 flpydisk - ok
16:51:08.0408 1268 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:51:08.0423 1268 FltMgr - ok
16:51:08.0486 1268 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
16:51:08.0517 1268 FontCache - ok
16:51:08.0564 1268 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:51:08.0564 1268 FontCache3.0.0.0 - ok
16:51:08.0610 1268 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
16:51:08.0610 1268 Fs_Rec - ok
16:51:08.0626 1268 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:51:08.0626 1268 gagp30kx - ok
16:51:08.0673 1268 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:51:08.0673 1268 GEARAspiWDM - ok
16:51:08.0704 1268 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
16:51:08.0704 1268 gpsvc - ok
16:51:08.0751 1268 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
16:51:08.0751 1268 HdAudAddService - ok
16:51:08.0798 1268 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:51:08.0813 1268 HDAudBus - ok
16:51:08.0829 1268 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:51:08.0829 1268 HidBth - ok
16:51:08.0844 1268 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:51:08.0844 1268 HidIr - ok
16:51:08.0876 1268 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
16:51:08.0876 1268 hidserv - ok
16:51:08.0891 1268 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:51:08.0891 1268 HidUsb - ok
16:51:08.0907 1268 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:51:08.0938 1268 hkmsvc - ok
16:51:08.0985 1268 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:51:08.0985 1268 HpCISSs - ok
16:51:09.0172 1268 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:51:09.0188 1268 hpqcxs08 - ok
16:51:09.0188 1268 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:51:09.0328 1268 hpqddsvc - ok
16:51:09.0375 1268 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:51:09.0375 1268 HTTP - ok
16:51:09.0422 1268 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:51:09.0468 1268 i2omp - ok
16:51:09.0546 1268 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:51:09.0578 1268 i8042prt - ok
16:51:09.0609 1268 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:51:09.0624 1268 iaStorV - ok
16:51:09.0858 1268 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:51:10.0046 1268 idsvc - ok
16:51:10.0124 1268 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:51:10.0124 1268 iirsp - ok
16:51:10.0186 1268 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
16:51:10.0186 1268 IKEEXT - ok
16:51:10.0295 1268 IntcAzAudAddService (15d839bb1bd1bde95aae98b10ad88d8c) C:\Windows\system32\drivers\RTKVHDA.sys
16:51:10.0358 1268 IntcAzAudAddService - ok
16:51:10.0498 1268 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:51:10.0498 1268 intelide - ok
16:51:10.0514 1268 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:51:10.0529 1268 intelppm - ok
16:51:10.0560 1268 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:51:10.0560 1268 IPBusEnum - ok
16:51:10.0592 1268 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:10.0592 1268 IpFilterDriver - ok
16:51:10.0716 1268 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
16:51:10.0732 1268 iphlpsvc - ok
16:51:10.0732 1268 IpInIp - ok
16:51:10.0763 1268 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:51:10.0763 1268 IPMIDRV - ok
16:51:10.0779 1268 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:51:10.0779 1268 IPNAT - ok
16:51:10.0904 1268 iPod Service (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe
16:51:10.0935 1268 iPod Service - ok
16:51:10.0950 1268 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:51:10.0950 1268 IRENUM - ok
16:51:10.0982 1268 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:51:10.0997 1268 isapnp - ok
16:51:11.0044 1268 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:51:11.0044 1268 iScsiPrt - ok
16:51:11.0060 1268 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:51:11.0060 1268 iteatapi - ok
16:51:11.0091 1268 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:51:11.0106 1268 iteraid - ok
16:51:11.0122 1268 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:51:11.0138 1268 kbdclass - ok
16:51:11.0153 1268 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:51:11.0153 1268 kbdhid - ok
16:51:11.0200 1268 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:51:11.0200 1268 KeyIso - ok
16:51:11.0278 1268 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
16:51:11.0278 1268 KSecDD - ok
16:51:11.0325 1268 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:51:11.0340 1268 KtmRm - ok
16:51:11.0372 1268 L1E (24abddeb766c8459f9d562eb083b6cb8) C:\Windows\system32\DRIVERS\L1E60x86.sys
16:51:11.0372 1268 L1E - ok
16:51:11.0434 1268 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
16:51:11.0450 1268 LanmanServer - ok
16:51:11.0481 1268 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
16:51:11.0481 1268 LanmanWorkstation - ok
16:51:11.0496 1268 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:51:11.0496 1268 lltdio - ok
16:51:11.0699 1268 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:51:11.0715 1268 lltdsvc - ok
16:51:11.0730 1268 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:51:11.0730 1268 lmhosts - ok
16:51:11.0762 1268 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:51:11.0762 1268 LSI_FC - ok
16:51:11.0793 1268 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:51:11.0793 1268 LSI_SAS - ok
16:51:11.0933 1268 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:51:11.0949 1268 LSI_SCSI - ok
16:51:12.0105 1268 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:51:12.0120 1268 luafv - ok
16:51:12.0167 1268 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys
16:51:12.0183 1268 LVRS - ok
16:51:13.0322 1268 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys
16:51:13.0415 1268 LVUVC - ok
16:51:13.0634 1268 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
16:51:13.0634 1268 Mcx2Svc - ok
16:51:13.0712 1268 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:51:13.0727 1268 MDM - ok
16:51:13.0790 1268 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:51:13.0790 1268 megasas - ok
16:51:13.0836 1268 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:51:13.0852 1268 MegaSR - ok
16:51:13.0883 1268 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:51:13.0883 1268 MMCSS - ok
16:51:13.0914 1268 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:51:13.0914 1268 Modem - ok
16:51:13.0961 1268 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:51:13.0961 1268 monitor - ok
16:51:13.0977 1268 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:51:13.0992 1268 mouclass - ok
16:51:14.0008 1268 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:51:14.0008 1268 mouhid - ok
16:51:14.0024 1268 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:51:14.0024 1268 MountMgr - ok
16:51:14.0117 1268 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:51:14.0117 1268 MozillaMaintenance - ok
16:51:14.0180 1268 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
16:51:14.0180 1268 MpFilter - ok
16:51:14.0226 1268 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:51:14.0242 1268 mpio - ok
16:51:14.0367 1268 MpKslb676a2ea - ok
16:51:14.0398 1268 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:51:14.0398 1268 mpsdrv - ok
16:51:14.0429 1268 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
16:51:14.0429 1268 MpsSvc - ok
16:51:14.0460 1268 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:51:14.0460 1268 Mraid35x - ok
16:51:14.0492 1268 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:51:14.0492 1268 MRxDAV - ok
16:51:14.0538 1268 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:14.0538 1268 mrxsmb - ok
16:51:14.0601 1268 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:14.0601 1268 mrxsmb10 - ok
16:51:14.0616 1268 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:14.0616 1268 mrxsmb20 - ok
16:51:14.0648 1268 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:51:14.0648 1268 msahci - ok
16:51:14.0679 1268 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:51:14.0679 1268 msdsm - ok
16:51:14.0710 1268 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:51:14.0710 1268 MSDTC - ok
16:51:14.0741 1268 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:51:14.0741 1268 Msfs - ok
16:51:14.0757 1268 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:51:14.0757 1268 msisadrv - ok
16:51:14.0788 1268 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:51:14.0788 1268 MSiSCSI - ok
16:51:14.0788 1268 msiserver - ok
16:51:14.0835 1268 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:51:14.0835 1268 MSKSSRV - ok
16:51:14.0913 1268 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:51:14.0913 1268 MsMpSvc - ok
16:51:14.0944 1268 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:14.0944 1268 MSPCLOCK - ok
16:51:14.0991 1268 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:51:15.0006 1268 MSPQM - ok
16:51:15.0053 1268 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:51:15.0053 1268 MsRPC - ok
16:51:15.0069 1268 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:51:15.0069 1268 mssmbios - ok
16:51:15.0084 1268 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:51:15.0084 1268 MSTEE - ok
16:51:15.0131 1268 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
16:51:15.0131 1268 MTsensor - ok
16:51:15.0162 1268 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:51:15.0162 1268 Mup - ok
16:51:15.0194 1268 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
16:51:15.0209 1268 napagent - ok
16:51:15.0240 1268 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:51:15.0240 1268 NativeWifiP - ok
16:51:15.0303 1268 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:51:15.0334 1268 NDIS - ok
16:51:15.0365 1268 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:15.0365 1268 NdisTapi - ok
16:51:15.0381 1268 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:15.0381 1268 Ndisuio - ok
16:51:15.0396 1268 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:15.0412 1268 NdisWan - ok
16:51:15.0428 1268 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:51:15.0443 1268 NDProxy - ok
16:51:15.0506 1268 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
16:51:15.0521 1268 Net Driver HPZ12 - ok
16:51:15.0537 1268 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:51:15.0537 1268 NetBIOS - ok
16:51:15.0568 1268 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:51:15.0568 1268 netbt - ok
16:51:15.0615 1268 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:51:15.0615 1268 Netlogon - ok
16:51:15.0646 1268 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:51:15.0646 1268 Netman - ok
16:51:15.0662 1268 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:51:15.0662 1268 netprofm - ok
16:51:15.0708 1268 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:51:15.0740 1268 NetTcpPortSharing - ok
16:51:15.0771 1268 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:51:15.0771 1268 nfrd960 - ok
16:51:15.0802 1268 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:51:15.0802 1268 NisDrv - ok
16:51:15.0896 1268 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
16:51:15.0896 1268 NisSrv - ok
16:51:15.0911 1268 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:51:15.0911 1268 NlaSvc - ok
16:51:15.0942 1268 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:51:15.0942 1268 Npfs - ok
16:51:15.0942 1268 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:51:15.0942 1268 nsi - ok
16:51:15.0958 1268 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:51:15.0974 1268 nsiproxy - ok
16:51:16.0020 1268 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:51:16.0052 1268 Ntfs - ok
16:51:16.0067 1268 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:51:16.0083 1268 ntrigdigi - ok
16:51:16.0083 1268 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:51:16.0083 1268 Null - ok
16:51:16.0098 1268 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:51:16.0114 1268 nvraid - ok
16:51:16.0114 1268 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:51:16.0114 1268 nvstor - ok
16:51:16.0161 1268 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:51:16.0161 1268 nv_agp - ok
16:51:16.0161 1268 NwlnkFlt - ok
16:51:16.0161 1268 NwlnkFwd - ok
16:51:16.0223 1268 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:51:16.0223 1268 ohci1394 - ok
16:51:16.0317 1268 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:51:16.0317 1268 ose - ok
16:51:16.0364 1268 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:51:16.0379 1268 p2pimsvc - ok
16:51:16.0379 1268 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:51:16.0395 1268 p2psvc - ok
16:51:16.0410 1268 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
16:51:16.0410 1268 Parport - ok
16:51:16.0473 1268 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
16:51:16.0473 1268 partmgr - ok
16:51:16.0473 1268 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
16:51:16.0488 1268 Parvdm - ok
16:51:16.0504 1268 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:51:16.0504 1268 PcaSvc - ok
16:51:16.0535 1268 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:51:16.0535 1268 pci - ok
16:51:16.0551 1268 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:51:16.0551 1268 pciide - ok
16:51:16.0582 1268 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:51:16.0582 1268 pcmcia - ok
16:51:16.0644 1268 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:51:16.0660 1268 PEAUTH - ok
16:51:16.0738 1268 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
16:51:16.0769 1268 pla - ok
16:51:16.0847 1268 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
16:51:16.0863 1268 PlugPlay - ok
16:51:16.0925 1268 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
16:51:16.0925 1268 Pml Driver HPZ12 - ok
16:51:16.0956 1268 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:51:16.0972 1268 PNRPAutoReg - ok
16:51:16.0972 1268 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:51:16.0988 1268 PNRPsvc - ok
16:51:17.0050 1268 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
16:51:17.0097 1268 PolicyAgent - ok
16:51:17.0409 1268 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:51:17.0424 1268 PptpMiniport - ok
16:51:17.0440 1268 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:51:17.0440 1268 Processor - ok
16:51:17.0471 1268 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
16:51:17.0471 1268 ProfSvc - ok
16:51:17.0518 1268 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:51:17.0518 1268 ProtectedStorage - ok
16:51:17.0549 1268 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:51:17.0549 1268 PSched - ok
16:51:17.0612 1268 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:51:17.0643 1268 ql2300 - ok
16:51:17.0658 1268 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:51:17.0658 1268 ql40xx - ok
16:51:17.0705 1268 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
16:51:17.0705 1268 QWAVE - ok
16:51:17.0721 1268 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:51:17.0721 1268 QWAVEdrv - ok
16:51:17.0721 1268 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:51:17.0721 1268 RasAcd - ok
16:51:17.0752 1268 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
16:51:17.0752 1268 RasAuto - ok
16:51:17.0752 1268 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:17.0768 1268 Rasl2tp - ok
16:51:17.0783 1268 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
16:51:17.0799 1268 RasMan - ok
16:51:17.0814 1268 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:17.0814 1268 RasPppoe - ok
16:51:17.0814 1268 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:51:17.0814 1268 RasSstp - ok
16:51:17.0846 1268 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:51:17.0846 1268 rdbss - ok
16:51:17.0877 1268 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:17.0877 1268 RDPCDD - ok
16:51:17.0908 1268 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:51:17.0908 1268 rdpdr - ok
16:51:17.0924 1268 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:51:17.0924 1268 RDPENCDD - ok
16:51:17.0955 1268 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
16:51:17.0970 1268 RDPWD - ok
16:51:17.0986 1268 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
16:51:18.0002 1268 RemoteAccess - ok
16:51:18.0017 1268 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
16:51:18.0017 1268 RemoteRegistry - ok
16:51:18.0173 1268 RichVideo (06a49b7bdc36cfbf97dd90804f833369) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
16:51:18.0173 1268 RichVideo - ok
16:51:18.0220 1268 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\Windows\system32\Drivers\RimUsb.sys
16:51:18.0236 1268 RimUsb - ok
16:51:18.0251 1268 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\Windows\system32\DRIVERS\RimSerial.sys
16:51:18.0251 1268 RimVSerPort - ok
16:51:18.0298 1268 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
16:51:18.0298 1268 ROOTMODEM - ok
16:51:18.0314 1268 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:51:18.0314 1268 RpcLocator - ok
16:51:18.0360 1268 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:51:18.0376 1268 RpcSs - ok
16:51:18.0392 1268 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:51:18.0392 1268 rspndr - ok
16:51:18.0423 1268 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:51:18.0423 1268 SamSs - ok
16:51:18.0454 1268 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:51:18.0454 1268 sbp2port - ok
16:51:18.0485 1268 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
16:51:18.0501 1268 SCardSvr - ok
16:51:18.0563 1268 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
16:51:18.0579 1268 Schedule - ok
16:51:18.0594 1268 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:51:18.0594 1268 SCPolicySvc - ok
16:51:18.0626 1268 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
16:51:18.0626 1268 SDRSVC - ok
16:51:18.0657 1268 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:51:18.0657 1268 secdrv - ok
16:51:18.0672 1268 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
16:51:18.0672 1268 seclogon - ok
16:51:18.0688 1268 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
16:51:18.0688 1268 SENS - ok
16:51:18.0704 1268 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
16:51:18.0704 1268 Serenum - ok
16:51:18.0719 1268 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
16:51:18.0719 1268 Serial - ok
16:51:18.0766 1268 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:51:18.0766 1268 sermouse - ok
16:51:18.0797 1268 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
16:51:18.0797 1268 SessionEnv - ok
16:51:18.0828 1268 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:51:18.0828 1268 sffdisk - ok
16:51:18.0860 1268 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:51:18.0875 1268 sffp_mmc - ok
16:51:18.0875 1268 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:51:18.0875 1268 sffp_sd - ok
16:51:18.0891 1268 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:51:18.0891 1268 sfloppy - ok
16:51:18.0922 1268 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
16:51:18.0938 1268 SharedAccess - ok
16:51:18.0984 1268 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
16:51:18.0984 1268 ShellHWDetection - ok
16:51:19.0078 1268 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:51:19.0109 1268 sisagp - ok
16:51:19.0172 1268 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:51:19.0172 1268 SiSRaid2 - ok
16:51:19.0187 1268 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:51:19.0187 1268 SiSRaid4 - ok
16:51:19.0374 1268 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
16:51:19.0484 1268 slsvc - ok
16:51:19.0562 1268 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
16:51:19.0562 1268 SLUINotify - ok
16:51:19.0593 1268 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:51:19.0593 1268 Smb - ok
16:51:19.0608 1268 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
16:51:19.0608 1268 SNMPTRAP - ok
16:51:19.0624 1268 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:51:19.0624 1268 spldr - ok
16:51:19.0686 1268 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
16:51:19.0686 1268 Spooler - ok
16:51:19.0749 1268 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:51:19.0749 1268 srv - ok
16:51:19.0811 1268 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:51:19.0811 1268 srv2 - ok
16:51:19.0858 1268 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:51:19.0858 1268 srvnet - ok
16:51:19.0889 1268 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
16:51:19.0889 1268 SSDPSRV - ok
16:51:19.0920 1268 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
16:51:19.0920 1268 SstpSvc - ok
16:51:19.0967 1268 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
16:51:19.0983 1268 stisvc - ok
16:51:20.0014 1268 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:51:20.0014 1268 swenum - ok
16:51:20.0045 1268 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
16:51:20.0108 1268 swprv - ok
16:51:20.0170 1268 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:51:20.0186 1268 Symc8xx - ok
16:51:20.0248 1268 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:51:20.0248 1268 Sym_hi - ok
16:51:20.0342 1268 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:51:20.0357 1268 Sym_u3 - ok
16:51:20.0388 1268 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
16:51:20.0404 1268 SysMain - ok
16:51:20.0420 1268 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:51:20.0435 1268 TabletInputService - ok
16:51:20.0466 1268 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
16:51:20.0466 1268 TapiSrv - ok
16:51:20.0482 1268 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:51:20.0498 1268 TBS - ok
16:51:20.0700 1268 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
16:51:20.0732 1268 Tcpip - ok
16:51:20.0732 1268 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
16:51:20.0732 1268 Tcpip6 - ok
16:51:20.0794 1268 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
16:51:20.0794 1268 tcpipreg - ok
16:51:20.0810 1268 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:51:20.0825 1268 TDPIPE - ok
16:51:20.0841 1268 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:51:20.0841 1268 TDTCP - ok
16:51:20.0872 1268 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:51:20.0872 1268 tdx - ok
16:51:20.0888 1268 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:51:20.0903 1268 TermDD - ok
16:51:20.0919 1268 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
16:51:20.0934 1268 TermService - ok
16:51:20.0981 1268 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
16:51:20.0981 1268 Themes - ok
16:51:21.0012 1268 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:51:21.0012 1268 THREADORDER - ok
16:51:21.0044 1268 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:51:21.0044 1268 TrkWks - ok
16:51:21.0106 1268 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
16:51:21.0106 1268 TrustedInstaller - ok
16:51:21.0184 1268 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:21.0184 1268 tssecsrv - ok
16:51:21.0215 1268 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:51:21.0215 1268 tunmp - ok
16:51:21.0246 1268 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:51:21.0246 1268 tunnel - ok
16:51:21.0262 1268 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:51:21.0262 1268 uagp35 - ok
16:51:21.0309 1268 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:51:21.0309 1268 udfs - ok
16:51:21.0340 1268 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:51:21.0340 1268 UI0Detect - ok
16:51:21.0356 1268 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:51:21.0356 1268 uliagpkx - ok
16:51:21.0387 1268 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:51:21.0387 1268 uliahci - ok
16:51:21.0402 1268 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:51:21.0418 1268 UlSata - ok
16:51:21.0418 1268 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:51:21.0418 1268 ulsata2 - ok
16:51:21.0512 1268 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:51:21.0512 1268 umbus - ok
16:51:21.0808 1268 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:51:21.0948 1268 upnphost - ok
16:51:21.0980 1268 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
16:51:21.0995 1268 usbaudio - ok
16:51:22.0026 1268 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:22.0026 1268 usbccgp - ok
16:51:22.0042 1268 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:51:22.0042 1268 usbcir - ok
16:51:22.0058 1268 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:51:22.0073 1268 usbehci - ok
16:51:22.0073 1268 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:51:22.0089 1268 usbhub - ok
16:51:22.0104 1268 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:51:22.0104 1268 usbohci - ok
16:51:22.0167 1268 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:51:22.0182 1268 usbprint - ok
16:51:22.0214 1268 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:22.0214 1268 USBSTOR - ok
16:51:22.0245 1268 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:51:22.0245 1268 usbuhci - ok
16:51:22.0354 1268 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:51:22.0401 1268 usbvideo - ok
16:51:22.0448 1268 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
16:51:22.0463 1268 UxSms - ok
16:51:22.0479 1268 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
16:51:22.0494 1268 vds - ok
16:51:22.0510 1268 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:22.0526 1268 vga - ok
16:51:22.0541 1268 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:51:22.0541 1268 VgaSave - ok
16:51:22.0557 1268 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:51:22.0557 1268 viaagp - ok
16:51:22.0572 1268 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:51:22.0572 1268 ViaC7 - ok
16:51:22.0604 1268 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:51:22.0604 1268 viaide - ok
16:51:22.0619 1268 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:51:22.0619 1268 volmgr - ok
16:51:22.0650 1268 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:51:22.0666 1268 volmgrx - ok
16:51:22.0697 1268 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:51:22.0697 1268 volsnap - ok
16:51:22.0728 1268 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:51:22.0744 1268 vsmraid - ok
16:51:22.0791 1268 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
16:51:22.0822 1268 VSS - ok
16:51:22.0838 1268 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
16:51:22.0853 1268 W32Time - ok
16:51:22.0884 1268 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:51:22.0884 1268 WacomPen - ok
16:51:22.0900 1268 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:51:22.0900 1268 Wanarp - ok
16:51:22.0900 1268 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:51:22.0900 1268 Wanarpv6 - ok
16:51:22.0931 1268 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
16:51:22.0947 1268 wcncsvc - ok
16:51:22.0978 1268 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:51:22.0978 1268 WcsPlugInService - ok
16:51:22.0994 1268 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:51:22.0994 1268 Wd - ok
16:51:23.0072 1268 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
16:51:23.0072 1268 WDC_SAM - ok
16:51:23.0212 1268 WDDMService (dbbab783009fbdf69b222641bb7831ae) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
16:51:23.0274 1268 WDDMService - ok
16:51:23.0306 1268 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:51:23.0321 1268 Wdf01000 - ok
16:51:23.0368 1268 WDFME (a787a567b3470c91c487ece90cf7509c) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
16:51:23.0540 1268 WDFME - ok
16:51:23.0602 1268 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:51:23.0618 1268 WdiServiceHost - ok
16:51:23.0618 1268 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:51:23.0618 1268 WdiSystemHost - ok
16:51:23.0680 1268 WDSC (b30940e39d5b3218958dbd2ea3d13bcb) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
16:51:23.0727 1268 WDSC - ok
16:51:23.0758 1268 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
16:51:23.0774 1268 WebClient - ok
16:51:23.0820 1268 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:51:23.0836 1268 Wecsvc - ok
16:51:23.0852 1268 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:51:23.0852 1268 wercplsupport - ok
16:51:23.0883 1268 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
16:51:23.0883 1268 WerSvc - ok
16:51:23.0930 1268 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
16:51:23.0945 1268 WinDefend - ok
16:51:23.0945 1268 WinHttpAutoProxySvc - ok
16:51:23.0992 1268 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
16:51:23.0992 1268 Winmgmt - ok
16:51:24.0070 1268 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:51:24.0101 1268 WinRM - ok
16:51:24.0132 1268 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
16:51:24.0179 1268 Wlansvc - ok
16:51:24.0351 1268 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:51:24.0382 1268 wlidsvc - ok
16:51:24.0476 1268 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
16:51:24.0476 1268 WmiAcpi - ok
16:51:24.0538 1268 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
16:51:24.0538 1268 wmiApSrv - ok
16:51:24.0616 1268 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:51:24.0632 1268 WMPNetworkSvc - ok
16:51:24.0647 1268 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
16:51:24.0663 1268 WPCSvc - ok
16:51:24.0678 1268 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
16:51:24.0678 1268 WPDBusEnum - ok
16:51:24.0741 1268 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:51:24.0741 1268 WpdUsb - ok
16:51:24.0850 1268 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:51:24.0897 1268 WPFFontCache_v0400 - ok
16:51:24.0928 1268 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:51:24.0928 1268 ws2ifsl - ok
16:51:24.0959 1268 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
16:51:24.0959 1268 wscsvc - ok
16:51:24.0975 1268 WSearch - ok
16:51:25.0115 1268 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
16:51:25.0193 1268 wuauserv - ok
16:51:25.0287 1268 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:51:25.0287 1268 WUDFRd - ok
16:51:25.0302 1268 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:51:25.0349 1268 wudfsvc - ok
16:51:25.0349 1268 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:51:25.0505 1268 \Device\Harddisk0\DR0 - ok
16:51:25.0505 1268 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
16:51:25.0521 1268 \Device\Harddisk1\DR1 - ok
16:51:25.0521 1268 Boot (0x1200) (0a2270eff1dd51ee639522fda5b0ef1b) \Device\Harddisk0\DR0\Partition0
16:51:25.0521 1268 \Device\Harddisk0\DR0\Partition0 - ok
16:51:25.0521 1268 Boot (0x1200) (26795f78e4ab9e949d373ec23c7dceee) \Device\Harddisk1\DR1\Partition0
16:51:25.0521 1268 \Device\Harddisk1\DR1\Partition0 - ok
16:51:25.0521 1268 ============================================================
16:51:25.0521 1268 Scan finished
16:51:25.0521 1268 ============================================================
16:51:25.0536 3868 Detected object count: 0
16:51:25.0536 3868 Actual detected object count: 0




aswMBR REPORT


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-14 16:52:54
-----------------------------
16:52:54.519 OS Version: Windows 6.0.6002 Service Pack 2
16:52:54.519 Number of processors: 4 586 0xF0B
16:52:54.519 ComputerName: OWNER-PC UserName: Owner
16:52:55.798 Initialize success
16:53:59.680 AVAST engine defs: 12071402
16:54:02.566 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
16:54:02.566 Disk 0 Vendor: ST3500820AS SD46 Size: 476940MB BusType: 3
16:54:02.675 Disk 0 MBR read successfully
16:54:02.675 Disk 0 MBR scan
16:54:02.675 Disk 0 Windows VISTA default MBR code
16:54:02.691 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
16:54:02.722 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466945 MB offset 20467712
16:54:02.738 Disk 0 scanning sectors +976771072
16:54:02.909 Disk 0 scanning C:\Windows\system32\drivers
16:54:26.559 Service scanning
16:54:42.580 Service MpKslb676a2ea c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F952CDA2-0930-4E8B-9503-44B1930F4C99}\MpKslb676a2ea.sys **LOCKED** 32
16:55:03.063 Modules scanning
16:55:08.429 Disk 0 trace - called modules:
16:55:08.445 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
16:55:08.460 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e3d378]
16:55:08.460 3 CLASSPNP.SYS[8a5a68b3] -> nt!IofCallDriver -> [0x84b90918]
16:55:08.476 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x855b2b98]
16:55:10.239 AVAST engine scan C:\Windows
16:55:20.129 AVAST engine scan C:\Windows\system32
17:00:12.426 AVAST engine scan C:\Windows\system32\drivers
17:00:40.740 AVAST engine scan C:\Users\Owner
17:05:26.408 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
17:05:26.688 The log file has been saved successfully to "E:\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 08:44 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Folder::
c:\program files\uTorrentControl2
c:\program files\Ask.com

FireFox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hf1zlimo.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4

RegNull::
[HKEY_USERS\S-1-5-21-3484645017-3124237956-2899751197-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B933857-935B-CE71-73FC-F7FF60A1EFC1}*]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 mikehill200

mikehill200
  • Topic Starter

  • Members
  • 12 posts

Posted 14 July 2012 - 09:25 PM

I ran your request and everything worked perfectly from start to finish.

Played around a bit with different programs and surfed a bit online. Everything seems to be working just fine now and much faster as well. Thank you very much for your help. A donation is most definitely on the way.

Here is the latest report you requested.


ComboFix 12-07-14.01 - Owner 14/07/2012 21:08:59.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.2358 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrentControl2
c:\program files\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files\uTorrentControl2\ldrtbuTor.dll
c:\program files\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files\uTorrentControl2\prxtbuTor.dll
c:\program files\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files\uTorrentControl2\tbuTor.dll
c:\program files\uTorrentControl2\toolbar.cfg
c:\program files\uTorrentControl2\ToolbarContextMenu.xml
c:\program files\uTorrentControl2\uninstall.exe
c:\program files\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 02:14 . 2012-07-15 02:14 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-07-15 02:14 . 2012-07-15 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 02:06 . 2012-07-15 02:06 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F952CDA2-0930-4E8B-9503-44B1930F4C99}\offreg.dll
2012-07-14 21:51 . 2012-07-14 21:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F952CDA2-0930-4E8B-9503-44B1930F4C99}\MpKslb676a2ea.sys
2012-07-14 21:11 . 2012-06-18 08:14 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F952CDA2-0930-4E8B-9503-44B1930F4C99}\mpengine.dll
2012-07-13 19:13 . 2012-07-14 15:45 -------- d-----w- C:\FRST
2012-07-13 15:05 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8932608-45E3-487A-8A47-FA1FC5393F2C}\gapaengine.dll
2012-07-13 15:02 . 2012-07-13 15:03 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-13 03:15 . 2012-07-13 03:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-12 18:03 . 2012-07-12 18:10 -------- d-----w- c:\users\Owner\AppData\Local\Research In Motion
2012-07-12 18:03 . 2012-07-12 18:03 -------- d-----w- c:\users\Owner\AppData\Roaming\Research In Motion
2012-07-12 18:01 . 2011-07-20 20:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-07-12 18:00 . 2012-07-12 18:00 -------- d-----w- c:\programdata\Research In Motion
2012-07-12 18:00 . 2012-07-12 18:00 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-07-12 18:00 . 2012-07-12 18:00 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
2012-07-12 18:00 . 2012-07-12 18:00 -------- d-----w- c:\program files\Research In Motion
2012-07-12 06:03 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:58 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 18:58 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 18:58 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 18:58 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 18:58 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 18:58 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 03:26 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-10 03:26 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-10 03:26 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-10 03:26 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-10 03:26 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-10 03:26 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-10 03:26 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-10 03:26 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-10 03:26 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:58 . 2012-05-29 15:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:58 . 2011-05-19 21:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-25 05:09 . 2012-05-25 05:09 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-25 05:09 . 2010-07-12 23:50 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 06:37 . 2012-06-13 20:59 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-13 20:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 20:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 20:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 20:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-13 20:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-13 20:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 20:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03 . 2012-06-13 20:59 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 20:59 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 20:59 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-23 16:00 . 2012-06-13 20:59 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-10 13:57 . 2011-04-20 23:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=c:\windows\pss\SnagIt 8.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 23:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConferenceRS]
2011-05-26 16:15 4191424 ----a-w- c:\windows\ConferenceRS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 22:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 02:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 07:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-04-05 16:42 17356424 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3484645017-3124237956-2899751197-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 50298994
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSLB676A2EA
*Deregistered* - 50298994
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 15:58]
.
2012-07-15 c:\windows\Tasks\User_Feed_Synchronization-{A89FAD69-B13F-423B-AEAE-98AF91195DFD}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=50.72.152.122
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hf1zlimo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - file:///C:/Users/Owner/Documents/My%20Webs/AFFILIATE%20COMMAND%20CENTER/affiliate_command_center.htm
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTor.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\uTorrentControl2\prxtbuTor.dll
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 21:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-14 21:16:03
ComboFix-quarantined-files.txt 2012-07-15 02:16
ComboFix2.txt 2012-07-14 20:22
.
Pre-Run: 112,594,944,000 bytes free
Post-Run: 112,686,690,304 bytes free
.
- - End Of File - - 04B2B4686FF8208BB4614E3E9C33A564
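The "Supplementary Scan" section of the ComboFix log above is where the proxy hijack shows up: an Internet Explorer `ProxyServer` pointing at a public address (50.72.152.122) and a Firefox `network.proxy.type` of 4, which the CFScript in the previous post resets. The following is an added example, not code from the thread or from any of the tools used in it; it shows how a responder can triage these lines automatically. It assumes the `uInternet Settings,ProxyServer = …` and `FF - prefs.js: … - …` line formats seen in the log, treats any proxy outside RFC 1918 / loopback space as worth escalating, and uses a small, hand-picked list of Firefox preferences (the ones the helper's script and the log touch) as review heuristics rather than as a definitive malware signature.

```python
import ipaddress
import re

# Sample lines copied from the "Supplementary Scan" section of the ComboFix
# log above, plus the DHCP line for contrast (no lines here are invented).
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=50.72.152.122
TCP: DhcpNameServer = 192.168.0.1
FF - prefs.js: network.proxy.type - 4
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: network.cookie.cookieBehavior - 0
"""

# "ProxyServer = 1.2.3.4:8080" or the per-protocol form "ProxyServer = http=1.2.3.4".
PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:(?P<scheme>\w+)=)?(?P<host>[^:;\s]+)(?::(?P<port>\d+))?"
)
# "FF - prefs.js: <name> - <value>" / "FF - user.js: <name> - <value>".
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<name>\S+) - (?P<value>.+)$")

# Heuristics (assumption, not a vendor rule set):
#  - network.proxy.type: 0 none, 1 manual, 2 PAC, 4 auto-detect (WPAD), 5 system.
#    Anything that lets a script or the network pick the proxy is flagged for review.
#  - security.warn_* set to false silently disables the mixed-content / insecure
#    form-submission warnings, which hides exactly the symptoms of a proxy hijack.
RISKY_FF_PREFS = {
    "network.proxy.type": lambda v: v.strip() in {"1", "2", "4"},
    "security.warn_submit_insecure": lambda v: v.strip().lower() == "false",
    "security.warn_viewing_mixed": lambda v: v.strip().lower() == "false",
}


def is_private(host):
    """True for RFC 1918 / loopback / link-local IPs; hostnames are treated as not private."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def triage(log_text):
    """Return (category, detail) findings for a block of ComboFix supplementary-scan lines."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_RE.search(line)
        if m:
            host = m.group("host")
            category = "proxy_internal" if is_private(host) else "proxy_external"
            findings.append((category, host))
            continue
        m = FF_PREF_RE.match(line)
        if m and m.group("name") in RISKY_FF_PREFS:
            if RISKY_FF_PREFS[m.group("name")](m.group("value")):
                findings.append(("firefox_pref", m.group("name")))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {detail}")
```

Run against the sample, it reports the external proxy once and three Firefox preferences for review; `ProxyOverride` and the DHCP name server lines are ignored because they are not proxy settings. A proxy inside the local network (for example a corporate 192.168.x.x gateway) is reported as `proxy_internal` so the analyst can confirm it is expected rather than have it silently dropped.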

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 09:30 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
