Can only boot in safe mode after running MBAM


  • This topic is locked
23 replies to this topic

#1 dasoup

dasoup

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 21 July 2012 - 05:39 AM

Greetings,

I'm not sure exactly what is going on, but I'm pretty sure the computer is infected with something. I'm running Vista Home Premium 32-bit on a Gateway laptop. After a visit from family (including a teenage son) my laptop was very slow and at times unresponsive. Worried that something was wrong, I ran MBAM (the first time I went to use my laptop I saw that someone/something had disabled Avast Free Antivirus). MBAM ran and detected no problems (I think), but then when I went to exit the program my laptop would not respond to any input from the touchpad or mouse clicks. I waited for over 20 minutes and still could not get anything to respond (I could see my desktop, but could not click on anything or do anything). I finally had to hold the power button to get the laptop to reboot. When the computer rebooted I chose "Start Windows Normally" and it brought me to the Windows login screen. I entered my password as usual. As Windows started up it came to my desktop as usual, but then it was frozen and I could not click on anything or navigate anywhere. I waited for almost an hour with no response from the computer. I again had to hold the power button to reboot. When the computer started up, I chose Safe Mode with Networking and was able to start Windows and get to the internet. Thinking he was helping, my friend told me to run Rkill and then run ComboFix; I agreed. Rkill ran and found no processes that it needed to shut down. ComboFix started, told me it had detected the ZeroAccess rootkit and that it needed to reboot. It rebooted and brought me back to my normal Windows login screen. I logged in, got to my desktop, but everything was frozen as before. I held the power button down to restart, logged back in to safe mode, and now I am here. I started reading on the forums... I know now that I should not have run ComboFix without being guided/directed by someone!!! I'm here, better educated (hopefully), and asking for help to fix my laptop.
My DDS.txt log and my GMER log are pasted below. And my attach.txt is attached. Thanks for all your help in advance.
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Dixie at 22:58:28 on 2012-07-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.2436 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0908&m=m-7305u
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0908&m=m-7305u
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0908&m=m-7305u
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Reader Application Helper] c:\program files\sony\readerdesktop\apphelper\readerAppHelper.exe
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [<NO NAME>]
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\dixie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{303BC344-9B58-4EB4-97AD-724DA608135B} : DhcpNameServer = 64.233.222.2 64.233.222.7
TCP: Interfaces\{6B1A4A78-F56C-4654-8D2F-BCA66334676B} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: SDNotify - c:\program files\max spyware detector\SDNotify.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-11 43608]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-8 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-8 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-8 20568]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-8 55128]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-8 44768]
S2 ETService;Empowering Technology Service;c:\program files\gateway\gateway recovery management\service\ETService.exe [2008-9-22 24576]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate1ca79f09288c2ba;Google Update Service (gupdate1ca79f09288c2ba);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 133104]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-21 1153368]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-22 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 133104]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-18 112128]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-8-18 3658752]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2012-07-21 02:22:40 -------- d-s---w- C:\ComboFix
2012-07-20 04:55:07 98816 ----a-w- c:\windows\sed.exe
2012-07-20 04:55:07 518144 ----a-w- c:\windows\SWREG.exe
2012-07-20 04:55:07 256000 ----a-w- c:\windows\PEV.exe
2012-07-20 04:55:07 208896 ----a-w- c:\windows\MBR.exe
2012-07-20 02:29:09 -------- d-----w- C:\Computer Fixes
2012-07-20 02:16:42 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{61741dc4-cfd0-4cc6-aa00-eab11923e4ed}\mpengine.dll
2012-06-22 21:04:44 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 21:04:18 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 21:04:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 21:04:12 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 22:59:49.50 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-21 05:31:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: w0nr9zjv.exe; Driver: C:\Users\Dixie\AppData\Local\Temp\ugloapod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Dixie\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1432] kernel32.dll!CreateThread 75E5C90E 5 Bytes JMP 717A75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!SetWindowsHookExW 777487AD 5 Bytes JMP 717E25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!CallNextHookEx 77748E3B 5 Bytes JMP 71807FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!UnhookWindowsHookEx 777498DB 5 Bytes JMP 7182ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!EnableWindow 7774CD8B 5 Bytes JMP 717E9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DefWindowProcA 7774DB88 7 Bytes JMP 717A97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!CreateWindowExA 7774DC2A 5 Bytes JMP 717B362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!CreateWindowExW 77751305 5 Bytes JMP 718103B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DefWindowProcW 777603B4 7 Bytes JMP 71808042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxParamW 777710B0 5 Bytes JMP 7174187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamW 77772EF5 5 Bytes JMP 71938D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxParamA 77788152 5 Bytes JMP 71938D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamA 7778847D 5 Bytes JMP 71938DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxIndirectA 7779D4D9 5 Bytes JMP 71938CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxIndirectW 7779D5D3 5 Bytes JMP 71938C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxExA 7779D639 5 Bytes JMP 71938BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxExW 7779D65D 5 Bytes JMP 71938B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] ole32.dll!OleLoadFromStream 770D1E80 5 Bytes JMP 7193955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1516] USER32.dll!EnableWindow 7774CD8B 5 Bytes JMP 717E9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1516] USER32.dll!DialogBoxParamW 777710B0 5 Bytes JMP 7174187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1516] USER32.dll!DialogBoxIndirectParamW 77772EF5 5 Bytes JMP 71938D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1516] USER32.dll!DialogBoxParamA 77788152 5 Bytes JMP 71938D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1516] USER32.dll!DialogBoxIndirectParamA 7778847D 5 Bytes JMP 71938DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1516] USER32.dll!MessageBoxIndirectA 7779D4D9 5 Bytes JMP 71938CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1516] USER32.dll!MessageBoxIndirectW 7779D5D3 5 Bytes JMP 71938C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1516] USER32.dll!MessageBoxExA 7779D639 5 Bytes JMP 71938BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1516] USER32.dll!MessageBoxExW 7779D65D 5 Bytes JMP 71938B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] kernel32.dll!CreateThread 75E5C90E 5 Bytes JMP 717A75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!SetWindowsHookExW 777487AD 5 Bytes JMP 717E25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!CallNextHookEx 77748E3B 5 Bytes JMP 71807FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!UnhookWindowsHookEx 777498DB 5 Bytes JMP 7182ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!EnableWindow 7774CD8B 5 Bytes JMP 717E9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DefWindowProcA 7774DB88 7 Bytes JMP 717A97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!CreateWindowExA 7774DC2A 5 Bytes JMP 717B362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!CreateWindowExW 77751305 5 Bytes JMP 718103B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DefWindowProcW 777603B4 7 Bytes JMP 71808042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DialogBoxParamW 777710B0 5 Bytes JMP 7174187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DialogBoxIndirectParamW 77772EF5 5 Bytes JMP 71938D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DialogBoxParamA 77788152 5 Bytes JMP 71938D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DialogBoxIndirectParamA 7778847D 5 Bytes JMP 71938DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!MessageBoxIndirectA 7779D4D9 5 Bytes JMP 71938CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!MessageBoxIndirectW 7779D5D3 5 Bytes JMP 71938C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!MessageBoxExA 7779D639 5 Bytes JMP 71938BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!MessageBoxExW 7779D65D 5 Bytes JMP 71938B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] ole32.dll!OleLoadFromStream 770D1E80 5 Bytes JMP 7193955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,761 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:35 AM

Posted 26 July 2012 - 05:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461726 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dasoup

dasoup
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 26 July 2012 - 05:37 PM

As requested:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Dixie at 7:02:51 on 2012-07-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.2151 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0908&m=m-7305u
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0908&m=m-7305u
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0908&m=m-7305u
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Reader Application Helper] c:\program files\sony\readerdesktop\apphelper\readerAppHelper.exe
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [<NO NAME>]
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\dixie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{303BC344-9B58-4EB4-97AD-724DA608135B} : DhcpNameServer = 64.233.222.2 64.233.222.7
TCP: Interfaces\{6B1A4A78-F56C-4654-8D2F-BCA66334676B} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: SDNotify - c:\program files\max spyware detector\SDNotify.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-11 43608]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-8 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-8 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-8 20568]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-8 55128]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-8 44768]
S2 ETService;Empowering Technology Service;c:\program files\gateway\gateway recovery management\service\ETService.exe [2008-9-22 24576]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate1ca79f09288c2ba;Google Update Service (gupdate1ca79f09288c2ba);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 133104]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-21 1153368]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-22 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 133104]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-18 112128]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-8-18 3658752]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2012-07-21 02:22:40 -------- d-s---w- C:\ComboFix
2012-07-20 04:55:07 98816 ----a-w- c:\windows\sed.exe
2012-07-20 04:55:07 518144 ----a-w- c:\windows\SWREG.exe
2012-07-20 04:55:07 256000 ----a-w- c:\windows\PEV.exe
2012-07-20 04:55:07 208896 ----a-w- c:\windows\MBR.exe
2012-07-20 02:29:09 -------- d-----w- C:\Computer Fixes
2012-07-20 02:16:42 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{61741dc4-cfd0-4cc6-aa00-eab11923e4ed}\mpengine.dll
.
==================== Find3M ====================
.
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 7:03:10.72 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-26 18:35:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: w0nr9zjv.exe; Driver: C:\Users\Dixie\AppData\Local\Temp\ugloapod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Dixie\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!EnableWindow 7774CD8B 5 Bytes JMP 717E9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!DialogBoxParamW 777710B0 5 Bytes JMP 7174187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!DialogBoxIndirectParamW 77772EF5 5 Bytes JMP 71938D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!DialogBoxParamA 77788152 5 Bytes JMP 71938D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!DialogBoxIndirectParamA 7778847D 5 Bytes JMP 71938DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!MessageBoxIndirectA 7779D4D9 5 Bytes JMP 71938CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!MessageBoxIndirectW 7779D5D3 5 Bytes JMP 71938C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!MessageBoxExA 7779D639 5 Bytes JMP 71938BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1460] USER32.dll!MessageBoxExW 7779D65D 5 Bytes JMP 71938B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] kernel32.dll!CreateThread 75E5C90E 5 Bytes JMP 717A75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!SetWindowsHookExW 777487AD 5 Bytes JMP 717E25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!CallNextHookEx 77748E3B 5 Bytes JMP 71807FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!UnhookWindowsHookEx 777498DB 5 Bytes JMP 7182ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!EnableWindow 7774CD8B 5 Bytes JMP 717E9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DefWindowProcA 7774DB88 7 Bytes JMP 717A97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!CreateWindowExA 7774DC2A 5 Bytes JMP 717B362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!CreateWindowExW 77751305 5 Bytes JMP 718103B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DefWindowProcW 777603B4 7 Bytes JMP 71808042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DialogBoxParamW 777710B0 5 Bytes JMP 7174187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DialogBoxIndirectParamW 77772EF5 5 Bytes JMP 71938D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DialogBoxParamA 77788152 5 Bytes JMP 71938D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DialogBoxIndirectParamA 7778847D 5 Bytes JMP 71938DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!MessageBoxIndirectA 7779D4D9 5 Bytes JMP 71938CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!MessageBoxIndirectW 7779D5D3 5 Bytes JMP 71938C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!MessageBoxExA 7779D639 5 Bytes JMP 71938BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!MessageBoxExW 7779D65D 5 Bytes JMP 71938B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] ole32.dll!OleLoadFromStream 770D1E80 5 Bytes JMP 7193955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----


#4 Jack&Jill (Malware Response Team)

Posted 26 July 2012 - 07:02 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Watch Topic near the top of the page, then select Immediate Notification. Click on Proceed. If it shows Stop watching topic, it means you are already subscribed.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 5 days, this topic will be closed. If you have since resolved the original problem you were having, we would appreciate you letting us know.

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#5 dasoup (Topic Starter)

Posted 27 July 2012 - 08:48 AM

Hi Jack&Jill,

I've read your post and I'm still with you and my problem persists. I appreciate your help in advance!

Dasoup

#6 Jack&Jill (Malware Response Team)

Posted 27 July 2012 - 10:35 AM

Hello dasoup :),

Welcome to Bleeping Computer. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
  • Please observe and follow these Board Rules and Terms of Use.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
  • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • If you do not reply within 5 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

You are running more than one Antivirus (AV) program:

avast! Free Antivirus
ClamWin Free Antivirus 0.95.2


Although AV is essential for keeping your computer free from viruses, having more than one AV will do more harm than protect your computer. They will not only conflict, but will slow down your computer as well. Did you pay for either one of them? Please keep the paid AV and uninstall the other. Otherwise, you will need to choose according to your preference.

The same principle applies for security programs with real time protection as well. Please choose one from each category and uninstall the others:

Antimalware / antispyware programs:
Max Spyware Detector
Spybot - Search & Destroy
Windows Defender


I suggest you disable Windows Defender, then choose one from the other two to keep.

--------------------

I see signs of Combofix on your computer.

While you may see ComboFix being used quite often and without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Going forward, I highly recommend you heed such instructions.

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there are any rootkits present and how they could affect our tools. Thus, we use preliminary scans like DDS and GMER and their logs to map our strategy for attack.

With these logs, we can determine the infections present and decide whether to deploy ComboFix.


That said, the log it produced contains valuable information. Kindly post the ComboFix log, C:\ComboFix.txt.

If there is no log, just let me know and do not run the tool.

--------------------

Scan with RogueKiller
  • Please download RogueKiller© by Tigzy and save it to your desktop. Click here.
  • Allow the download if prompted by your security software and please close all your programs.
  • Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.
--------------------

Please post back:
1. ComboFix log, if it exists
2. RogueKiller log

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#7 dasoup (Topic Starter)

Posted 29 July 2012 - 04:44 PM

I've removed one of the virus scanning programs as instructed; Windows Defender is disabled (I think!). I was unable to find a log for ComboFix on the computer. The RogueKiller log is below:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Dixie [Admin rights]
Mode: Scan -- Date: 07/29/2012 17:40:19

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] HelpPane.exe -- C:\Windows\helppane.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[RANDOMNAME] HKLM\[...]\Run : EKAIO2StatusMonitor (C:\Windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9A300 +++++
--- User ---
[MBR] f3502b427be9b1f59231c98f4078225e
[BSP] 778f42b45e2b172ebe53cda5162da390 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 114116 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 254683136 | Size: 114117 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#8 Jack&Jill (Malware Response Team)

Posted 29 July 2012 - 07:14 PM

Hello dasoup :),

Please download aswMBR and save it to your desktop. Click here.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.
--------------------

Please download Farbar Service Scanner© by farbar and save it to your desktop. Click here.
  • Double click on FSS.exe to run it.
  • Check (tick) all options:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Click on the Scan button. A log will open.
  • Please post the contents of this log. It can also be found on the desktop as FSS.txt.
--------------------

Please post back:
1. aswMBR log
2. FSS result

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#9 dasoup (Topic Starter)

Posted 29 July 2012 - 10:58 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 23:04:18
-----------------------------
23:04:18.274 OS Version: Windows 6.0.6002 Service Pack 2
23:04:18.274 Number of processors: 2 586 0xF0D
23:04:18.274 ComputerName: DIXIE-PC UserName: Dixie
23:04:19.288 Initialize success
23:04:20.489 AVAST engine defs: 12062901
23:04:50.582 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:04:50.582 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
23:04:50.707 Disk 0 MBR read successfully
23:04:50.707 Disk 0 MBR scan
23:04:51.487 Disk 0 unknown MBR code
23:04:51.596 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
23:04:52.251 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114116 MB offset 20973568
23:04:52.345 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114117 MB offset 254683136
23:04:52.376 Disk 0 scanning sectors +488394752
23:04:53.156 Disk 0 scanning C:\Windows\system32\drivers
23:05:32.998 Service scanning
23:05:55.525 Modules scanning
23:06:05.181 Disk 0 trace - called modules:
23:06:05.212 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
23:06:05.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f0400]
23:06:05.228 3 CLASSPNP.SYS[8afa58b3] -> nt!IofCallDriver -> [0x86279608]
23:06:05.243 5 acpi.sys[82e946bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8627a028]
23:06:06.101 AVAST engine scan C:\Windows
23:06:09.627 AVAST engine scan C:\Windows\system32
23:08:13.647 AVAST engine scan C:\Windows\system32\drivers
23:09:08.668 AVAST engine scan C:\Users\Dixie
23:18:42.358 AVAST engine scan C:\ProgramData
23:52:07.420 Scan finished successfully
23:53:54.077 Disk 0 MBR has been saved successfully to "C:\Users\Dixie\Desktop\MBR.dat"
23:53:54.093 The log file has been saved successfully to "C:\Users\Dixie\Desktop\aswMBR.txt"


Farbar Service Scanner Version: 26-07-2012
Ran by Dixie (administrator) on 29-07-2012 at 23:56:35
Running from "C:\Users\Dixie\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-11 06:42] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 22:24] - [2008-01-20 22:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
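The FSS log above was taken in Safe Mode with Networking ("Boot Mode: Network"), where most of the services FSS checks are not started, so the "Service is not running" lines carry little information by themselves; the lines that matter are the start-type deviations (WinDefend set to Demand instead of Auto, sharedaccess Disabled) and the files FSS could not mark "MD5 is legit". The following is an added example, not FSS's own code or anything from this thread: a parser that pulls those items out of an FSS log and separates them from the Safe Mode noise. It assumes FSS prints "Boot Mode: Normal" for a normal boot and prints file details in place of "MD5 is legit" when a hash is not in its known-good list; the sample log is a constructed excerpt of the report above.

```python
"""Triage of a Farbar Service Scanner (FSS) log.

Constructed example for this thread; not FSS's own code. FSS reports every
service it checks as running or not and compares its start type against the
default; in Safe Mode most of these services are not started, so the useful
signal is the start-type deviations and the files it could not verify.
"""
import re
from dataclasses import dataclass, field


@dataclass
class FssReport:
    boot_mode: str = "Unknown"
    not_running: list = field(default_factory=list)
    start_type_deviations: dict = field(default_factory=dict)  # svc -> (actual, default)
    unverified_files: list = field(default_factory=list)


_NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
_START_DEV = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\.?"
    r"(?: The default start type is (\w+)\.)?")
# A file-check line: a drive-letter path, optionally followed by FSS's verdict.
_FILE_LINE = re.compile(r"^([A-Za-z]:\\\S.*?)(?: => (.*))?$")


def parse_fss_log(text: str) -> FssReport:
    rep = FssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Boot Mode:"):
            rep.boot_mode = line.split(":", 1)[1].strip()
            continue
        m = _NOT_RUNNING.match(line)
        if m:
            rep.not_running.append(m.group(1))
            continue
        m = _START_DEV.match(line)
        if m:
            # "set to Disabled" lines carry no default; record it as unknown.
            rep.start_type_deviations[m.group(1)] = (m.group(2), m.group(3) or "unknown")
            continue
        m = _FILE_LINE.match(line)
        if m and m.group(2) != "MD5 is legit":
            # Assumption: FSS prints hash/version details instead of "MD5 is legit"
            # when the hash is not in its known-good list. A prompt to check, not a verdict.
            rep.unverified_files.append(m.group(1))
    return rep


def triage(rep: FssReport) -> dict:
    """Separate actionable items from Safe Mode noise (assumes FSS prints
    'Boot Mode: Normal' for a normal boot)."""
    safe_mode = rep.boot_mode != "Normal"
    return {
        "safe_mode": safe_mode,
        "not_running_to_check": [] if safe_mode else list(rep.not_running),
        "start_type_deviations": dict(rep.start_type_deviations),
        "unverified_files": list(rep.unverified_files),
    }


# Constructed excerpt of the FSS report posted in this thread.
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 26-07-2012
Boot Mode: Network
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-11 06:42] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91
"""

if __name__ == "__main__":
    for key, value in triage(parse_fss_log(SAMPLE_FSS_LOG)).items():
        print(f"{key}: {value}")
```

Run on the excerpt, the "not running" list is suppressed because the boot mode is not Normal, leaving the two start-type deviations and tcpip.sys as the items to look at; the same log taken after a normal boot would also surface every service that failed to start.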

#10 Jack&Jill (Malware Response Team)

Posted 30 July 2012 - 10:57 AM

Hello dasoup :),

Based on the logs so far, I am not seeing anything obvious that fits the description of your problem, but you mentioned ZeroAccess earlier and that is not good news. I was hoping to get a confirmation with the logs but better to warn you on the possible impact now.

Your computer has/had some serious infections with rootkit/backdoor capabilities.
Sorry for the bad news. Backdoors provide outsiders full access to your computer, enabling them to record key strokes, steal passwords, spread malware, and even use it for other illegal activities.

If your computer has been used for important or sensitive data such as online banking, shopping or any other financial transactions, I strongly recommend you to do the following:
  • Disconnect from the Internet and any network immediately.
  • Inform your financial institutions that you may be a victim of identity theft and to put a watch on all your accounts or change them.
  • Change all your online passwords from a clean computer.
  • Take any other steps that you think are necessary to prevent financial distress due to identity theft.

Due to the backdoor functionality, your computer is compromised and can no longer be fully trusted. Many experts in the security community believe that once tainted with this type of infection, the best course of action would be a reformat and reinstall of the OS. I too strongly recommend that you format your computer. We can still attempt to clean it if you wish, but due to the severity of the infections, I cannot guarantee it will be safe or clean afterwards. It is up to you to decide. Please let me know which course of action you wish to take.

Here is some reading to help you decide:
How to respond to possible ID theft and Internet fraud
When should I reformat?

--------------------

If you wish to continue, please continue below. Otherwise let me know your decision and we will take it from there.

Check if this file exists and post back its contents:
C:\QooBox\ComboFix-quarantined-files.txt

--------------------

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here.
  • Alternatively, you may get the zip version and extract the file to the desktop.
  • Double click on TDSSKiller.exe to execute it.
  • Click OK and press Start scan to begin.
  • If anything is found, please change all the actions to Skip only. <-- Important, please select Skip only, DO NOT proceed other actions.
  • Then click on Continue at the lower right corner.
  • You may be prompted to reboot your computer, please consent.
  • Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
  • Please post the contents of this log.
--------------------

Please post back:
1. if you wish to continue fixing
2. and if yes, the ComboFix quarantine log if it exists
3. TDSSKiller result

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#11 dasoup (Topic Starter)

Posted 31 July 2012 - 10:25 AM

Jack&Jill,

I guess we might as well proceed...your warning about the security of the computer is noted and appreciated!
The combofix log does not exist.
The TDSSKiller log is below:

11:21:47.0904 1020 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:21:48.0294 1020 ============================================================
11:21:48.0294 1020 Current date / time: 2012/07/31 11:21:48.0294
11:21:48.0294 1020 SystemInfo:
11:21:48.0294 1020
11:21:48.0294 1020 OS Version: 6.0.6002 ServicePack: 2.0
11:21:48.0294 1020 Product type: Workstation
11:21:48.0294 1020 ComputerName: DIXIE-PC
11:21:48.0294 1020 UserName: Dixie
11:21:48.0294 1020 Windows directory: C:\Windows
11:21:48.0294 1020 System windows directory: C:\Windows
11:21:48.0294 1020 Processor architecture: Intel x86
11:21:48.0294 1020 Number of processors: 2
11:21:48.0294 1020 Page size: 0x1000
11:21:48.0294 1020 Boot type: Safe boot with network
11:21:48.0294 1020 ============================================================
11:21:48.0668 1020 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:21:48.0668 1020 ============================================================
11:21:48.0668 1020 \Device\Harddisk0\DR0:
11:21:48.0668 1020 MBR partitions:
11:21:48.0668 1020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDEE2000
11:21:48.0668 1020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2E2800, BlocksNum 0xDEE2800
11:21:48.0668 1020 ============================================================
11:21:48.0715 1020 C: <-> \Device\Harddisk0\DR0\Partition0
11:21:48.0762 1020 D: <-> \Device\Harddisk0\DR0\Partition1
11:21:48.0762 1020 ============================================================
11:21:48.0762 1020 Initialize success
11:21:48.0762 1020 ============================================================
11:21:50.0727 1668 ============================================================
11:21:50.0727 1668 Scan started
11:21:50.0727 1668 Mode: Manual;
11:21:50.0727 1668 ============================================================
11:22:04.0736 1668 RpcSs - ok
11:22:04.0752 1668 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:22:04.0752 1668 rspndr - ok
11:22:04.0783 1668 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:22:04.0783 1668 SamSs - ok
11:22:04.0814 1668 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:22:04.0814 1668 sbp2port - ok
11:22:04.0970 1668 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
11:22:04.0986 1668 SBSDWSCService - ok
11:22:05.0017 1668 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
11:22:05.0032 1668 SCardSvr - ok
11:22:05.0095 1668 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
11:22:05.0110 1668 Schedule - ok
11:22:05.0157 1668 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:22:05.0157 1668 SCPolicySvc - ok
11:22:05.0235 1668 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
11:22:05.0235 1668 sdbus - ok
11:22:05.0266 1668 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:22:05.0266 1668 SDRSVC - ok
11:22:05.0282 1668 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:22:05.0282 1668 secdrv - ok
11:22:05.0298 1668 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:22:05.0298 1668 seclogon - ok
11:22:05.0313 1668 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
11:22:05.0313 1668 SENS - ok
11:22:05.0329 1668 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:22:05.0344 1668 Serenum - ok
11:22:05.0360 1668 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:22:05.0360 1668 Serial - ok
11:22:05.0391 1668 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:22:05.0391 1668 sermouse - ok
11:22:05.0422 1668 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:22:05.0438 1668 SessionEnv - ok
11:22:05.0454 1668 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:22:05.0454 1668 sffdisk - ok
11:22:05.0469 1668 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:22:05.0469 1668 sffp_mmc - ok
11:22:05.0485 1668 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:22:05.0485 1668 sffp_sd - ok
11:22:05.0500 1668 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:22:05.0500 1668 sfloppy - ok
11:22:05.0547 1668 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:22:05.0547 1668 SharedAccess - ok
11:22:05.0610 1668 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
11:22:05.0625 1668 ShellHWDetection - ok
11:22:05.0641 1668 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:22:05.0641 1668 sisagp - ok
11:22:05.0656 1668 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:22:05.0656 1668 SiSRaid2 - ok
11:22:05.0688 1668 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:22:05.0688 1668 SiSRaid4 - ok
11:22:05.0922 1668 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
11:22:05.0984 1668 slsvc - ok
11:22:06.0124 1668 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
11:22:06.0140 1668 SLUINotify - ok
11:22:06.0187 1668 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:22:06.0187 1668 Smb - ok
11:22:06.0218 1668 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:22:06.0218 1668 SNMPTRAP - ok
11:22:06.0296 1668 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
11:22:06.0312 1668 Sony SCSI Helper Service - ok
11:22:06.0343 1668 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:22:06.0343 1668 spldr - ok
11:22:06.0374 1668 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
11:22:06.0390 1668 Spooler - ok
11:22:06.0421 1668 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:22:06.0436 1668 srv - ok
11:22:06.0468 1668 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:22:06.0468 1668 srv2 - ok
11:22:06.0499 1668 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:22:06.0499 1668 srvnet - ok
11:22:06.0530 1668 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:22:06.0530 1668 SSDPSRV - ok
11:22:06.0546 1668 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:22:06.0561 1668 SstpSvc - ok
11:22:06.0624 1668 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
11:22:06.0639 1668 stisvc - ok
11:22:06.0670 1668 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:22:06.0670 1668 swenum - ok
11:22:06.0717 1668 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
11:22:06.0733 1668 swprv - ok
11:22:06.0733 1668 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:22:06.0733 1668 Symc8xx - ok
11:22:06.0748 1668 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:22:06.0764 1668 Sym_hi - ok
11:22:06.0780 1668 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:22:06.0780 1668 Sym_u3 - ok
11:22:06.0826 1668 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
11:22:06.0826 1668 SynTP - ok
11:22:06.0904 1668 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
11:22:06.0904 1668 SysMain - ok
11:22:06.0936 1668 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:22:06.0951 1668 TabletInputService - ok
11:22:06.0982 1668 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
11:22:06.0998 1668 TapiSrv - ok
11:22:07.0014 1668 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:22:07.0029 1668 TBS - ok
11:22:07.0107 1668 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
11:22:07.0123 1668 Tcpip - ok
11:22:07.0138 1668 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
11:22:07.0138 1668 Tcpip6 - ok
11:22:07.0170 1668 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:22:07.0170 1668 tcpipreg - ok
11:22:07.0201 1668 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:22:07.0201 1668 TDPIPE - ok
11:22:07.0216 1668 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:22:07.0216 1668 TDTCP - ok
11:22:07.0248 1668 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:22:07.0263 1668 tdx - ok
11:22:07.0263 1668 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:22:07.0263 1668 TermDD - ok
11:22:07.0326 1668 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
11:22:07.0341 1668 TermService - ok
11:22:07.0388 1668 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
11:22:07.0404 1668 Themes - ok
11:22:07.0435 1668 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:22:07.0435 1668 THREADORDER - ok
11:22:07.0466 1668 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:22:07.0466 1668 TrkWks - ok
11:22:07.0528 1668 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
11:22:07.0544 1668 TrustedInstaller - ok
11:22:07.0560 1668 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:22:07.0575 1668 tssecsrv - ok
11:22:07.0591 1668 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:22:07.0591 1668 tunmp - ok
11:22:07.0622 1668 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:22:07.0622 1668 tunnel - ok
11:22:07.0638 1668 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:22:07.0638 1668 uagp35 - ok
11:22:07.0684 1668 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:22:07.0700 1668 udfs - ok
11:22:07.0731 1668 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:22:07.0731 1668 UI0Detect - ok
11:22:07.0731 1668 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:22:07.0731 1668 uliagpkx - ok
11:22:07.0762 1668 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:22:07.0778 1668 uliahci - ok
11:22:07.0809 1668 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:22:07.0809 1668 UlSata - ok
11:22:07.0840 1668 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:22:07.0840 1668 ulsata2 - ok
11:22:07.0872 1668 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:22:07.0887 1668 umbus - ok
11:22:07.0918 1668 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:22:07.0918 1668 upnphost - ok
11:22:07.0981 1668 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\Windows\system32\Drivers\usbaapl.sys
11:22:07.0981 1668 USBAAPL - ok
11:22:08.0043 1668 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:22:08.0043 1668 usbccgp - ok
11:22:08.0074 1668 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:22:08.0074 1668 usbcir - ok
11:22:08.0106 1668 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:22:08.0106 1668 usbehci - ok
11:22:08.0137 1668 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:22:08.0152 1668 usbhub - ok
11:22:08.0168 1668 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:22:08.0168 1668 usbohci - ok
11:22:08.0184 1668 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
11:22:08.0184 1668 usbprint - ok
11:22:08.0215 1668 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:22:08.0215 1668 USBSTOR - ok
11:22:08.0230 1668 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:22:08.0230 1668 usbuhci - ok
11:22:08.0277 1668 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:22:08.0277 1668 usbvideo - ok
11:22:08.0355 1668 usnjsvc (c5b70a6aa947667ce0e5fc84a05ec8b6) C:\Program Files\MSN Messenger\usnsvc.exe
11:22:08.0371 1668 usnjsvc - ok
11:22:08.0418 1668 UVCFTR (7b8424bbaafbc127c8f55ad6007d6d6b) C:\Windows\system32\Drivers\UVCFTR_S.SYS
11:22:08.0418 1668 UVCFTR - ok
11:22:08.0449 1668 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
11:22:08.0449 1668 UxSms - ok
11:22:08.0511 1668 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
11:22:08.0527 1668 vds - ok
11:22:08.0558 1668 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:22:08.0558 1668 vga - ok
11:22:08.0574 1668 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:22:08.0574 1668 VgaSave - ok
11:22:08.0589 1668 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:22:08.0589 1668 viaagp - ok
11:22:08.0605 1668 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:22:08.0605 1668 ViaC7 - ok
11:22:08.0636 1668 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:22:08.0636 1668 viaide - ok
11:22:08.0652 1668 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:22:08.0667 1668 volmgr - ok
11:22:08.0714 1668 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:22:08.0714 1668 volmgrx - ok
11:22:08.0761 1668 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:22:08.0761 1668 volsnap - ok
11:22:08.0776 1668 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:22:08.0792 1668 vsmraid - ok
11:22:08.0917 1668 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
11:22:08.0932 1668 VSS - ok
11:22:08.0979 1668 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
11:22:08.0979 1668 W32Time - ok
11:22:09.0042 1668 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:22:09.0042 1668 WacomPen - ok
11:22:09.0057 1668 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:22:09.0057 1668 Wanarp - ok
11:22:09.0057 1668 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:22:09.0057 1668 Wanarpv6 - ok
11:22:09.0088 1668 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
11:22:09.0104 1668 wcncsvc - ok
11:22:09.0135 1668 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:22:09.0135 1668 WcsPlugInService - ok
11:22:09.0182 1668 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:22:09.0198 1668 Wd - ok
11:22:09.0244 1668 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:22:09.0244 1668 Wdf01000 - ok
11:22:09.0276 1668 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:22:09.0291 1668 WdiServiceHost - ok
11:22:09.0291 1668 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:22:09.0291 1668 WdiSystemHost - ok
11:22:09.0338 1668 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
11:22:09.0338 1668 WebClient - ok
11:22:09.0354 1668 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
11:22:09.0354 1668 Wecsvc - ok
11:22:09.0369 1668 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:22:09.0385 1668 wercplsupport - ok
11:22:09.0432 1668 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
11:22:09.0432 1668 WerSvc - ok
11:22:09.0494 1668 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:22:09.0510 1668 winachsf - ok
11:22:09.0603 1668 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
11:22:09.0603 1668 WinDefend - ok
11:22:09.0619 1668 WinHttpAutoProxySvc - ok
11:22:09.0697 1668 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
11:22:09.0697 1668 Winmgmt - ok
11:22:09.0744 1668 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
11:22:09.0759 1668 WinRM - ok
11:22:09.0822 1668 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
11:22:09.0822 1668 Wlansvc - ok
11:22:09.0868 1668 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:22:09.0868 1668 WmiAcpi - ok
11:22:09.0962 1668 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
11:22:09.0962 1668 wmiApSrv - ok
11:22:10.0071 1668 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:22:10.0087 1668 WMPNetworkSvc - ok
11:22:10.0149 1668 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
11:22:10.0149 1668 WPCSvc - ok
11:22:10.0180 1668 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
11:22:10.0196 1668 WPDBusEnum - ok
11:22:10.0243 1668 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:22:10.0243 1668 ws2ifsl - ok
11:22:10.0258 1668 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
11:22:10.0258 1668 wscsvc - ok
11:22:10.0290 1668 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:22:10.0290 1668 WSDPrintDevice - ok
11:22:10.0290 1668 WSearch - ok
11:22:10.0446 1668 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
11:22:10.0477 1668 wuauserv - ok
11:22:10.0617 1668 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:22:10.0617 1668 WUDFRd - ok
11:22:10.0648 1668 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:22:10.0648 1668 wudfsvc - ok
11:22:10.0695 1668 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
11:22:10.0695 1668 XAudio - ok
11:22:10.0742 1668 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
11:22:10.0742 1668 XAudioService - ok
11:22:10.0789 1668 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
11:22:10.0804 1668 yukonwlh - ok
11:22:10.0836 1668 MBR (0x1B8) (2d38f4a50470b53943a7dbd02e402e47) \Device\Harddisk0\DR0
11:22:13.0597 1668 \Device\Harddisk0\DR0 - ok
11:22:13.0612 1668 Boot (0x1200) (56c2608f0ed57582459df6948d61ba0b) \Device\Harddisk0\DR0\Partition0
11:22:13.0612 1668 \Device\Harddisk0\DR0\Partition0 - ok
11:22:13.0628 1668 Boot (0x1200) (8e0f848d06fdd01e92b242f8bc4b17f3) \Device\Harddisk0\DR0\Partition1
11:22:13.0644 1668 \Device\Harddisk0\DR0\Partition1 - ok
11:22:13.0644 1668 ============================================================
11:22:13.0644 1668 Scan finished
11:22:13.0644 1668 ============================================================
11:22:13.0644 1232 Detected object count: 0
11:22:13.0644 1232 Actual detected object count: 0
11:22:19.0884 1288 Deinitialize success
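The TDSSKiller log above is long and ends in a two-line summary. As an added example that is not part of the thread (and not Kaspersky's code), here is a small Python parser for that log format: it pairs each object line with its verdict line and flags anything not reported as ok. The sample log, its hashes and the "detected" verdict wording are constructed; the thread itself only shows ok verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every line: timestamp, thread id, payload.
HEADER_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# Object line: "<name> [(0xSIZE)] (<md5>) <path>"; the size token appears only on MBR/boot lines.
OBJECT_RE = re.compile(
    r"^(?P<name>.+?)\s+(?:\((?P<size>0x[0-9A-Fa-f]+)\)\s+)?"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# Verdict line: "<name or device path> - <verdict>"; clean objects are reported as "ok".
VERDICT_RE = re.compile(r"^(?P<subject>.+?)\s+-\s+(?P<verdict>.+?)\s*$")
# Summary counts printed after "Scan finished".
COUNT_RE = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count):\s*(?P<n>\d+)$")

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

@dataclass
class Report:
    entries: List[Entry] = field(default_factory=list)
    counts: Dict[str, int] = field(default_factory=dict)

    def flagged(self) -> List[Entry]:
        """Entries not marked 'ok', including objects that never received a verdict."""
        return [e for e in self.entries if e.verdict != "ok"]

def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    pending: Dict[str, Entry] = {}  # name or device path -> entry awaiting its verdict
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if not m:
            continue  # blank lines, "====" separators, "Scan finished"
        body = m.group("body")
        if c := COUNT_RE.match(body):
            report.counts[c.group("label")] = int(c.group("n"))
        elif o := OBJECT_RE.match(body):
            # Tested before VERDICT_RE: a path like "...\Spybot - Search & Destroy\..." also has " - ".
            entry = Entry(o.group("name"), o.group("md5"), o.group("path"))
            report.entries.append(entry)
            pending[entry.name] = entry
            pending[entry.path] = entry  # MBR/boot verdicts cite the device path, not "MBR"
        elif v := VERDICT_RE.match(body):
            entry = pending.pop(v.group("subject"), None)
            if entry is None:  # verdict without an object line (file was not hashed)
                entry = Entry(v.group("subject"))
                report.entries.append(entry)
            else:
                pending.pop(entry.name, None)
                pending.pop(entry.path, None)
            entry.verdict = v.group("verdict")
    return report

# Constructed sample in the thread's log format: placeholder hashes, and the
# "detected" verdict wording is assumed (the thread itself only shows "ok").
SAMPLE_LOG = """\
11:22:04.0970 1668 SBSDWSCService (00112233445566778899aabbccddeeff) C:\\Program Files\\Spybot - Search & Destroy\\SDWinSec.exe
11:22:04.0986 1668 SBSDWSCService - ok
11:22:09.0619 1668 WinHttpAutoProxySvc - ok
11:22:10.0836 1668 MBR (0x1B8) (ffeeddccbbaa99887766554433221100) \\Device\\Harddisk0\\DR0
11:22:13.0597 1668 \\Device\\Harddisk0\\DR0 - ok
11:22:13.0700 1668 examplesvc (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\DRIVERS\\example.sys
11:22:13.0710 1668 examplesvc - detected Rootkit.Example (constructed)
11:22:13.0644 1668 Scan finished
11:22:13.0644 1232 Detected object count: 1
11:22:13.0644 1232 Actual detected object count: 1
"""
```

Run `parse_tdsskiller_log(open("TDSSKiller.log").read()).flagged()` on a real log to list only the entries worth a second look.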

#12 Jack&Jill

  • Malware Response Team
  • 385 posts
  • Gender:Male
  • Location:South East Asia

Posted 31 July 2012 - 10:50 AM

Hello dasoup :),

I would like you to delete the copy of the ComboFix file you have and download a fresh copy.

Save it to your desktop. Click here.

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

Run ComboFix
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click on ComboFix.exe and follow the prompts. Please run it in Normal Mode.
  • When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
  • If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
  • Re-enable your security software as soon as you have completed the ComboFix steps.
A detailed step by step tutorial to run ComboFix can be found here if you need help.

--------------------

Please post back:
1. ComboFix log

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#13 dasoup

  • Topic Starter
  • Members
  • 15 posts

Posted 31 July 2012 - 07:01 PM

Jack&Jill,

I tried to follow your instructions. I deleted combofix and downloaded a clean/fresh version. I then ran the program by double clicking the icon on the desktop; it went through the expected screens and backed up the registry...it then said that it had found that the computer was infected with "zero access" (the same as before). I allowed it to keep running and it eventually said that it needed to reboot the machine. I allowed it to reboot, but when windows tried to load I simply got a blank/black screen and nothing else. After waiting for almost 30 minutes I had to hard power cycle the computer and was only able to get back here by booting into safe mode with networking. I checked, but found no log of any type for combofix. This is almost identical to what occurred before I started seeking help. Suggestions?

#14 Jack&Jill

  • Malware Response Team
  • 385 posts
  • Gender:Male
  • Location:South East Asia

Posted 01 August 2012 - 12:00 AM

Hello dasoup :),

Can you get into Normal mode?

Please try ComboFix again. Wait a little bit longer this time. If it does not work, reboot, then run ComboFix again.

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#15 dasoup

  • Topic Starter
  • Members
  • 15 posts

Posted 02 August 2012 - 10:18 AM

Jack&Jill,

I CANNOT get my computer to boot normally. The only way it will boot and have any functionality is via safe mode. I tried to run combofix again and I had the same results as my previous post.



