
Security SHield 2012, sirefef trojan, sirefef virus, and rootkit 0 access TROUBLE!


  • This topic is locked
58 replies to this topic

#1 Brian C.

Brian C.

  • Members
  • 36 posts
  • OFFLINE
  • Local time:05:52 PM

Posted 24 July 2012 - 09:42 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic462175.html ~ OB

I was running Windows Vista with Microsoft Security Essentials when I first encountered the problem. The virus shut down MSE and the Microsoft update center, my firewall, etc. I downloaded MBAM, ran the scan, and it caught some files. Disinfected them, rebooted, rescanned, and the files appeared again (while running in safe mode with networking from the point after being infected). I followed the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-security-shield first, because this is where I believe all the problems began (that is, after my wife clicked on an embedded link within FB). Upon completing the entire process, I noticed I still had the sirefef trojan, sirefef virus, and rootkit 0 access as I was running MSE and MBAM right before getting the "Windows (Vista) encountered a critical error and will restart" loop. I have already downloaded frst.exe and ran it through the USB drive connected to the infected cpu.

I do not know what to do from this point on to get my cpu back to "healthy" and virus-free status again?

Running Vista 32 bit

Edited by Orange Blossom, 24 July 2012 - 10:25 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:52 PM

Posted 27 July 2012 - 12:52 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Brian C.

Brian C.
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:05:52 PM

Posted 27 July 2012 - 03:11 AM

Unfortunately, as I stated in the post, I cannot stay logged on to the "infected cpu" because I am now getting the "Windows has encountered a critical error and your computer will shut down in 1 minute". It then keeps doing the restart loop. I can transfer any files over on a USB drive and boot it that way.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:52 PM

Posted 27 July 2012 - 02:08 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo

#5 Brian C.

Brian C.
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:05:52 PM

Posted 27 July 2012 - 03:06 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 24-07-2012 02
Ran by SYSTEM at 27-07-2012 12:55:22
Running from I:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Brian\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Brian\...\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_SB47.tmp" /EF "HKCU" [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\Brian\...\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [6205088 2012-07-11] (SlySoft, Inc.)
HKU\Brian\...\Run: [EPSON WorkForce 630 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_S2232.tmp" /EF "HKCU" [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\Brian\...\Policies\system: [LogonHoursAction] 2
HKU\Brian\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Casey\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Casey\...\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [6205088 2012-07-11] (SlySoft, Inc.)
HKU\Casey\...\Run: [Google Update] "C:\Users\Casey\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-06-15] (Google Inc.)
HKU\Casey\...\Run: [EPSON WorkForce 630 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Users\Casey\AppData\Local\Temp\E_SD3E4.tmp" /EF "HKCU" [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\Casey\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Casey\...\Policies\system: [LogonHoursAction] 2
HKU\Casey\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Katie and Kellie\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Katie and Kellie\...\Policies\system: [LogonHoursAction] 2
HKU\Katie and Kellie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Startup: C:\Users\Casey\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

================================ Services (Whitelisted) ==================

2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [598016 2008-01-29] ()
3 GameConsoleService; "C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe" [238328 2009-11-13] (WildTangent, Inc.)
3 GoogleDesktopManager-110309-193829; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2009-12-04] (Google)
2 IHA_MessageCenter; "C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [290832 2011-12-12] (Verizon)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-07-18] (Mozilla Foundation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [163840 2008-01-29] ()
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)
2 WSWNDA3100; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [278528 2009-11-04] ()

========================== Drivers (Whitelisted) =============

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-05-01] (SlySoft, Inc.)
3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [671736 2009-05-05] (Broadcom Corporation)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
3 NVNET; C:\Windows\System32\DRIVERS\nvmfdx32.sys [292712 2010-08-12] (NVIDIA Corporation)
3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [13312 2007-10-12] (NVIDIA Corporation)
0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-24 16:30 - 2012-07-24 16:31 - 00000000 ____D C:\FRST
2012-07-24 14:00 - 2012-07-24 14:00 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-24 14:00 - 2012-07-24 14:00 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-24 14:00 - 2012-07-24 14:00 - 00000000 ____D C:\Malwarebytes
2012-07-24 14:00 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-24 13:41 - 2012-07-24 13:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-23 15:24 - 2012-07-23 15:23 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-07-23 15:24 - 2012-07-23 15:23 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-07-23 15:24 - 2012-07-23 15:23 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-07-23 15:24 - 2012-07-23 15:23 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-07-23 15:18 - 2012-07-23 15:18 - 00000000 ____D C:\Users\Brian\AppData\Local\Secunia PSI
2012-07-23 15:18 - 2012-07-23 15:18 - 00000000 ____D C:\Program Files\Secunia
2012-07-23 15:17 - 2012-07-23 15:17 - 03281592 ____A (Secunia) C:\Users\Brian\Downloads\PSISetup.exe
2012-07-23 12:34 - 2012-07-24 11:58 - 00000370 ____A C:\rkill.log
2012-07-23 12:32 - 2012-07-24 13:28 - 00000000 ____D C:\Users\Brian\Desktop\bleeping computer fixes
2012-07-23 12:32 - 2012-07-23 12:32 - 01012656 ____A C:\Users\Brian\Desktop\iExplore.exe
2012-07-23 11:42 - 2012-07-23 11:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-22 12:09 - 2012-07-22 12:09 - 00229672 ____A C:\Users\Brian\Downloads\CrucialScan.exe
2012-07-20 17:26 - 2012-07-20 17:26 - 00154136 ____A C:\Windows\Minidump\Mini072012-01.dmp
2012-07-20 17:25 - 2012-07-20 17:25 - 308009986 ____A C:\Windows\MEMORY.DMP
2012-07-16 11:55 - 2012-07-16 11:55 - 00000024 ____A C:\Windows\A130D77C38790C9B.log
2012-07-11 02:11 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 02:05 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 02:05 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 02:05 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 02:05 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 02:05 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 02:05 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 02:05 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 02:05 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 02:05 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 02:04 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 02:04 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 02:04 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 02:04 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 02:04 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 02:03 - 2012-07-11 02:03 - 00268690 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-10 22:13 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 22:13 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 22:13 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 22:12 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 22:12 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 22:12 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-09 20:58 - 2012-07-09 20:58 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-09 20:57 - 2012-07-09 20:57 - 00000000 ____D C:\Program Files\iPod
2012-06-27 23:52 - 2012-07-20 17:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-27 23:52 - 2012-06-27 23:52 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-27 23:52 - 2012-06-27 23:52 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla

============ 3 Months Modified Files ========================

2012-07-27 00:07 - 2012-04-09 19:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-27 00:07 - 2010-01-28 17:35 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-27 00:07 - 2009-12-06 02:15 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-27 00:04 - 2009-09-30 09:32 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-07-27 00:04 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-27 00:04 - 2006-11-02 04:47 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-27 00:04 - 2006-11-02 04:47 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 23:53 - 2006-11-02 05:01 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-24 14:02 - 2006-11-02 04:47 - 00420584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-24 14:00 - 2012-07-24 14:00 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-24 13:43 - 2009-09-30 09:22 - 01155674 ____A C:\Windows\WindowsUpdate.log
2012-07-24 13:42 - 2011-01-29 12:02 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-24 13:42 - 2010-01-28 17:35 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-24 13:42 - 2006-11-02 02:33 - 00721626 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-24 13:13 - 2012-05-30 23:25 - 00009950 ____A C:\Windows\PFRO.log
2012-07-24 11:58 - 2012-07-23 12:34 - 00000370 ____A C:\rkill.log
2012-07-24 11:36 - 2010-10-11 18:57 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2518569933-428209948-949076638-1001UA.job
2012-07-23 19:36 - 2010-10-11 18:57 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2518569933-428209948-949076638-1001Core.job
2012-07-23 19:22 - 2012-03-18 12:45 - 00000806 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-23 15:23 - 2012-07-23 15:24 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-07-23 15:23 - 2012-07-23 15:24 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-07-23 15:23 - 2012-07-23 15:24 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-07-23 15:23 - 2012-07-23 15:24 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-07-23 15:23 - 2010-05-23 08:53 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-07-23 15:17 - 2012-07-23 15:17 - 03281592 ____A (Secunia) C:\Users\Brian\Downloads\PSISetup.exe
2012-07-23 12:32 - 2012-07-23 12:32 - 01012656 ____A C:\Users\Brian\Desktop\iExplore.exe
2012-07-23 12:04 - 2010-08-09 21:53 - 00002613 ____A C:\Users\Brian\Desktop\Microsoft Word 2010.lnk
2012-07-22 12:09 - 2012-07-22 12:09 - 00229672 ____A C:\Users\Brian\Downloads\CrucialScan.exe
2012-07-20 17:26 - 2012-07-20 17:26 - 00154136 ____A C:\Windows\Minidump\Mini072012-01.dmp
2012-07-20 17:25 - 2012-07-20 17:25 - 308009986 ____A C:\Windows\MEMORY.DMP
2012-07-16 11:55 - 2012-07-16 11:55 - 00000024 ____A C:\Windows\A130D77C38790C9B.log
2012-07-16 11:55 - 2012-04-19 15:51 - 00000896 ____A C:\Users\Public\Desktop\AnyDVD.lnk
2012-07-13 16:34 - 2012-06-16 12:22 - 00002793 ____A C:\Windows\setupact.log
2012-07-12 11:28 - 2012-04-09 19:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-12 11:28 - 2011-06-16 21:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-11 02:06 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-11 02:03 - 2012-07-11 02:03 - 00268690 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-09 20:58 - 2012-07-09 20:58 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-03 12:46 - 2012-07-24 14:00 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 11:23 - 2011-09-28 19:15 - 00000440 ____A C:\Users\Katie and Kellie\Desktop\IXL.website
2012-06-28 17:09 - 2010-10-11 18:58 - 00002044 ____A C:\Users\Casey\Desktop\Google Chrome.lnk
2012-06-25 15:04 - 2012-06-25 15:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
2012-06-23 13:00 - 2009-12-19 14:50 - 00000131 ___SH C:\Users\All Users\Application Data\.zreglib
2012-06-23 13:00 - 2009-12-19 14:50 - 00000131 ___SH C:\Users\All Users\.zreglib
2012-06-21 17:50 - 2012-06-21 17:50 - 00087608 ____A C:\Users\Brian\AppData\Roaming\inst.exe
2012-06-21 17:50 - 2012-06-21 17:50 - 00047360 ____A (VSO Software) C:\Users\Brian\AppData\Roaming\pcouffin.sys
2012-06-21 17:50 - 2012-06-21 17:50 - 00007887 ____A C:\Users\Brian\AppData\Roaming\pcouffin.cat
2012-06-21 17:50 - 2012-06-21 17:50 - 00000055 ____A C:\Users\Brian\AppData\Roaming\pcouffin.log
2012-06-21 17:49 - 2012-06-21 17:40 - 00001057 ____A C:\Users\Brian\AppData\Roaming\vso_ts_preview.xml
2012-06-21 17:37 - 2012-06-21 17:37 - 19788784 ____A (VSO-Software ) C:\Users\Brian\Downloads\vsoConvertXtoDVD4_setup.exe
2012-06-21 17:24 - 2010-12-23 11:40 - 00000106 ____A C:\Windows\VaultMediaClient.INI
2012-06-21 10:02 - 2009-12-18 14:28 - 00170496 ____A C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-20 20:44 - 2012-06-20 20:44 - 00117690 ____A C:\Users\Brian\Downloads\[isoHunt] Downton_Abbey_Season_2_HDTV_English_720.6925820.TPB.torrent
2012-06-20 18:28 - 2012-06-20 18:28 - 00001226 ____A C:\Users\Public\Desktop\Verizon Media Manager.lnk
2012-06-20 18:27 - 2010-12-22 12:00 - 00000000 ____A C:\Users\Brian\Install-MMLog.log
2012-06-20 18:26 - 2012-06-20 18:26 - 00706912 ____A C:\Users\Brian\Downloads\MediaManager.exe
2012-06-20 18:22 - 2010-02-12 13:31 - 00102248 ____A C:\Users\Brian\GoToAssistDownloadHelper.exe
2012-06-20 18:20 - 2012-06-20 18:20 - 00000000 ____A C:\Users\Brian\Downloads\MediaManager_exe.y4i40e7.partial
2012-06-20 18:11 - 2012-01-19 20:27 - 00016053 ____A C:\Users\Brian\Uninstall-MMlog.log
2012-06-20 14:23 - 2012-05-28 20:42 - 00000000 ____A C:\Users\Brian\Desktop\orleans listing agreement and disclosure for signature.scsgtjs.partial
2012-06-16 12:22 - 2012-06-16 12:22 - 00000000 ____A C:\Windows\setuperr.log
2012-06-13 05:40 - 2012-07-11 02:11 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 09:47 - 2012-07-10 22:13 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-07 19:56 - 2012-01-21 01:33 - 00116840 ____A C:\formatter.log
2012-06-05 08:47 - 2012-07-10 22:13 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-10 22:13 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 18:46 - 2012-06-04 18:46 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-04 07:26 - 2012-07-10 22:12 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-22 17:13 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 17:13 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 17:13 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 17:13 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-22 17:12 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 17:12 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-22 17:13 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-22 17:13 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-22 17:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 02:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 02:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 02:05 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 02:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 02:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:25 - 2012-07-11 02:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:23 - 2012-07-11 02:05 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 02:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 02:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 02:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 02:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 02:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 02:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 02:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-10 22:12 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-10 22:12 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-30 21:43 - 2012-05-30 21:43 - 00001894 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-28 20:49 - 2012-05-28 20:49 - 00000000 ____A C:\Users\Brian\Desktop\short sale package.rsw1qdi.partial
2012-05-28 20:45 - 2012-05-28 20:45 - 00000000 ____A C:\Users\Brian\Desktop\short sale.zjr4aad.partial
2012-05-28 20:43 - 2012-05-28 20:43 - 00000000 ____A C:\Users\Brian\Desktop\short sale.pdf.qnq863i.partial
2012-05-28 20:41 - 2012-05-28 20:41 - 00000000 ____A C:\Users\Brian\Desktop\short sale package orleans.xn12g7t.partial
2012-05-09 20:15 - 2010-01-05 12:22 - 00057344 ____A C:\Users\Casey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-03 17:18 - 2012-05-03 17:18 - 00000000 ____A C:\Users\Brian\Desktop\Form for Angelique.zvoiqso.partial
2012-05-01 17:09 - 2012-01-29 15:32 - 00000473 ____A C:\Users\Katie and Kellie\Desktop\Raz-Kids Log In.website
2012-05-01 15:35 - 2012-05-01 15:35 - 00121208 ____A (SlySoft, Inc.) C:\Windows\System32\Drivers\AnyDVD.sys
2012-05-01 06:03 - 2012-06-13 10:59 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


ZeroAccess:
C:\Windows\Installer\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}
C:\Windows\Installer\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}\@
C:\Windows\Installer\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}\L
C:\Windows\Installer\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}\U
C:\Windows\Installer\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}\U\00000001.@
C:\Windows\Installer\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}\U\80000000.@
C:\Windows\Installer\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}\U\800000cb.@

ZeroAccess:
C:\Users\Brian\AppData\Local\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}
C:\Users\Brian\AppData\Local\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}\@
C:\Users\Brian\AppData\Local\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}\L
C:\Users\Brian\AppData\Local\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 1789.94 MB
Available physical RAM: 1508.68 MB
Total Pagefile: 1731.91 MB
Available Pagefile: 1586.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1991.58 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:66.51 GB) (Free:5.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Elements) (Fixed) (Total:1863.01 GB) (Free:1450.89 GB) NTFS
4 Drive f: (DATA) (Fixed) (Total:66.53 GB) (Free:18.94 GB) NTFS
7 Drive i: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
8 Drive x: (PQSERVICE) (Fixed) (Total:16 GB) (Free:9.55 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 2533 KB
Disk 1 No Media 0 B 0 B
Disk 2 Online 1863 GB 993 KB
Disk 3 No Media 0 B 0 B
Disk 4 Online 984 MB 0 B

Partitions of Disk 0:
===============

DiskPart encountered an unexpected error.
Check the system event log for more information on the failure.

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D Elements NTFS Partition 1863 GB Healthy

==================================================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 984 MB 16 KB

==================================================================================

Disk: 4
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 I KINGSTON FAT Removable 984 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-24 13:45

======================= End Of Log ==========================





Farbar Recovery Scan Tool Version: 24-07-2012 02
Ran by SYSTEM at 2012-07-27 12:58:00
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-06 02:15] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-12-06 02:15] - [2012-07-27 00:07] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:52 PM

Posted 27 July 2012 - 03:35 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}
C:\Users\Brian\AppData\Local\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
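The FRST search result and the fixlist above rest on two indicators: a live services.exe whose MD5 disagrees with the same-sized copy in the WinSxS component store (the copy the Replace: line restores from), and {GUID}-named folders containing an "@" file plus "U" and "L" subfolders in Windows\Installer and AppData\Local. As an added example, not code from FRST, ComboFix or either poster, the Python below automates both checks: it parses the services.exe search block exactly as posted in the thread and scans a constructed directory tree laid out like the "ZeroAccess:" listings. The line-format regex, function names and the assumption that FRST prints the MD5 as the last token are mine, not a documented FRST interface.

```python
"""Triage helpers for the ZeroAccess/Sirefef indicators seen in the thread (added example)."""
import os
import re
import shutil
import tempfile

# FRST "Search:" output as posted in the thread: a path line followed by a detail
# line ending in the file's MD5. Hashes and paths below are the thread's own.
FRST_SEARCH_OUTPUT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-06 02:15] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-12-06 02:15] - [2012-07-27 00:07] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

# Assumed detail-line layout: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) \S+ "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_frst_search(text):
    """Return one dict per file: path, created, modified, size, company, md5."""
    entries = []
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines[:-1]):
        if not line or line.startswith(("=", "[")):
            continue  # banner or detail line, not a path
        m = DETAIL_RE.match(lines[i + 1])
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entry["path"] = line
            entries.append(entry)
    return entries


def find_replaced_binaries(entries):
    """Flag live copies whose MD5 matches none of the same-sized WinSxS copies.

    The infected services.exe kept the original size and creation time but got a
    new hash and modified time; the component-store copy of identical size with a
    different hash is both the evidence and the clean replacement source.
    Returns (live_path, live_md5, reference_winsxs_path) tuples."""
    winsxs = [e for e in entries if "\\winsxs\\" in e["path"].lower()]
    flagged = []
    for e in entries:
        if e in winsxs:
            continue
        same_size = [w for w in winsxs if w["size"] == e["size"]]
        if same_size and all(w["md5"] != e["md5"] for w in same_size):
            flagged.append((e["path"], e["md5"], same_size[0]["path"]))
    return flagged


def find_zeroaccess_dirs(root):
    """Walk root for the layout listed under 'ZeroAccess:' in the FRST log:
    a {GUID}-named folder holding an '@' file and a 'U' subfolder."""
    guid_re = re.compile(
        r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if guid_re.match(os.path.basename(dirpath)) and "@" in filenames and "U" in dirnames:
            hits.append(dirpath)
    return sorted(hits)


def demo_zeroaccess_tree():
    """Build a constructed tree mirroring the thread's paths, scan it, clean up."""
    base = tempfile.mkdtemp()
    try:
        guid = "{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56}"
        bad = os.path.join(base, "Windows", "Installer", guid)
        os.makedirs(os.path.join(bad, "U"))
        os.makedirs(os.path.join(bad, "L"))
        open(os.path.join(bad, "@"), "wb").close()
        open(os.path.join(bad, "U", "00000001.@"), "wb").close()
        # Legitimate MSI cache folders are GUID-named too; they lack the '@'/'U' layout.
        benign = os.path.join(base, "Windows", "Installer",
                              "{90140000-0011-0000-0000-0000000FF1CE}")
        os.makedirs(benign)
        open(os.path.join(benign, "setup.ico"), "wb").close()
        return find_zeroaccess_dirs(base)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for live, md5, ref in find_replaced_binaries(parse_frst_search(FRST_SEARCH_OUTPUT)):
        print(f"REPLACED: {live} ({md5}) -> restore from {ref}")
    for d in demo_zeroaccess_tree():
        print(f"ZeroAccess layout: {d}")
```

Run against a real system the directory scan would be pointed at C:\Windows\Installer and each user's AppData\Local, and the hash comparison at FRST's own search output; the size-equality filter is what stops the older 6.0.6001.18000 copy from producing a false mismatch.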

#7 Brian C.

Posted 27 July 2012 - 03:45 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-07-2012 02
Ran by SYSTEM at 2012-07-27 13:43:32 Run:1
Running from I:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\Installer\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56} moved successfully.
C:\Users\Brian\AppData\Local\{4641fd0f-5e24-b0f7-d2c8-da3b75c8ce56} moved successfully.

==== End of Fixlog ====

#8 gringo_pr

Posted 27 July 2012 - 04:50 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 Brian C.

Posted 27 July 2012 - 04:53 PM

I do this on the "infected cpu" correct?

If so, how do you want me to boot that cpu now?

P.S. - Thanks for all your help so far. I did already give you a small donation. Also, I am sitting here dedicated to getting this done today, so I am constantly checking and refreshing the forum post.

THANKS!

Brian

#10 Brian C.

Posted 27 July 2012 - 05:52 PM

ComboFix 12-07-27.03 - Brian 07/27/2012 15:17:15.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1234 [GMT -7:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian\AppData\Roaming\inst.exe
c:\users\Brian\AppData\Roaming\ixu1E2B.tmp
c:\users\Brian\AppData\Roaming\ixu2416.tmp
c:\users\Brian\AppData\Roaming\ixu28D6.tmp
c:\users\Brian\AppData\Roaming\ixu2B73.tmp
c:\users\Brian\AppData\Roaming\ixu3467.tmp
c:\users\Brian\AppData\Roaming\ixu367B.tmp
c:\users\Brian\AppData\Roaming\ixu4A64.tmp
c:\users\Brian\AppData\Roaming\ixu4C09.tmp
c:\users\Brian\AppData\Roaming\ixu53C3.tmp
c:\users\Brian\AppData\Roaming\ixu65A.tmp
c:\users\Brian\AppData\Roaming\ixu6DF6.tmp
c:\users\Brian\AppData\Roaming\ixu763B.tmp
c:\users\Brian\AppData\Roaming\ixu8D9E.tmp
c:\users\Brian\AppData\Roaming\ixu9159.tmp
c:\users\Brian\AppData\Roaming\ixu9E9B.tmp
c:\users\Brian\AppData\Roaming\ixuA0F1.tmp
c:\users\Brian\AppData\Roaming\ixuB035.tmp
c:\users\Brian\AppData\Roaming\ixuB50B.tmp
c:\users\Brian\AppData\Roaming\ixuB559.tmp
c:\users\Brian\AppData\Roaming\ixuBD0D.tmp
c:\users\Brian\AppData\Roaming\ixuBD6B.tmp
c:\users\Brian\AppData\Roaming\ixuC020.tmp
c:\users\Brian\AppData\Roaming\ixuD86E.tmp
c:\users\Brian\AppData\Roaming\ixuD91A.tmp
c:\users\Brian\AppData\Roaming\ixuDEBC.tmp
c:\users\Brian\AppData\Roaming\ixuE316.tmp
c:\users\Brian\AppData\Roaming\ixuFB07.tmp
c:\users\Brian\AppData\Roaming\ixuFBF2.tmp
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Recent\ARTICLE_SUMMARY_WORKSHEET.doc
c:\users\Brian\AppData\Roaming\vso_ts_preview.xml
c:\users\Brian\GoToAssistDownloadHelper.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
F:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 22:29 . 2012-07-27 22:29 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A22AE0B-FAD7-4DC1-B83B-DBF5B5E8F738}\offreg.dll
2012-07-27 22:27 . 2012-07-27 22:33 -------- d-----w- c:\users\Brian\AppData\Local\temp
2012-07-27 22:27 . 2012-07-27 22:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-25 00:30 . 2012-07-25 00:31 -------- d-----w- C:\FRST
2012-07-24 22:00 . 2012-07-24 22:00 -------- d-----w- C:\Malwarebytes
2012-07-24 22:00 . 2012-07-24 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-24 22:00 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 21:44 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{290EC82C-196F-4B52-9DA0-0193ABBC8D8D}\gapaengine.dll
2012-07-24 21:43 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A22AE0B-FAD7-4DC1-B83B-DBF5B5E8F738}\mpengine.dll
2012-07-24 21:41 . 2012-07-24 21:42 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-23 23:24 . 2012-07-23 23:23 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-23 23:18 . 2012-07-23 23:18 -------- d-----w- c:\users\Brian\AppData\Local\Secunia PSI
2012-07-23 23:18 . 2012-07-23 23:18 -------- d-----w- c:\program files\Secunia
2012-07-23 19:42 . 2012-07-23 19:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-11 10:11 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:04 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-11 10:04 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-11 10:04 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-11 06:13 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:13 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 06:13 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 06:12 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:12 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 06:12 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 04:57 . 2012-07-10 04:57 -------- d-----w- c:\program files\iPod
2012-06-28 07:52 . 2012-07-21 01:25 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-28 07:52 . 2012-07-18 17:39 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-28 07:52 . 2012-07-18 17:39 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-06-28 07:52 . 2012-06-28 07:52 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-28 07:52 . 2012-06-28 07:52 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 23:23 . 2010-05-23 16:53 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-12 19:28 . 2012-04-10 03:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 19:28 . 2011-06-17 05:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-22 01:50 . 2012-06-22 01:50 47360 ----a-w- c:\users\Brian\AppData\Roaming\pcouffin.sys
2012-06-02 22:19 . 2012-06-23 01:12 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-23 01:13 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 01:13 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 01:13 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 01:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 01:13 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 01:13 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 01:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-23 01:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-01 23:35 . 2012-05-01 23:35 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-05-01 14:03 . 2012-06-13 18:59 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-18 17:39 . 2011-04-04 23:36 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-07-11 6205088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-19 6244896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WNDA3100v2 Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Brian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-05 05:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:28]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 01:34]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 01:34]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2518569933-428209948-949076638-1001Core.job
- c:\users\Casey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 03:50]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2518569933-428209948-949076638-1001UA.job
- c:\users\Casey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 03:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\zemb39kn.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\bin32\nSvcIp.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\ehome\mcupdate.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2012-07-27 15:41:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 22:40
.
Pre-Run: 8,941,211,648 bytes free
Post-Run: 6,758,322,176 bytes free
.
- - End Of File - - 32A487239C6E2E4B010BB8F10D26C7D7




Computer status = I am able to boot up the cpu normally now (without safe mode) and sign in. After completing the combofix, it rebooted itself, i logged in again, it ran the report, I copied the report and posted. As of right now, it still sounds (the hard drive is working) like it is running programs constantly - is this normal?

#11 Brian C.

Posted 27 July 2012 - 07:39 PM

Waiting for further instructions/support/directions/ etc.............

#12 gringo_pr

Posted 27 July 2012 - 09:32 PM

Greetings

I will be here for the next 6 hours

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#13 Brian C.

Posted 27 July 2012 - 11:09 PM

Here is the TDSSKiller report:
20:44:42.0901 6176 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:44:43.0618 6176 ============================================================
20:44:43.0618 6176 Current date / time: 2012/07/27 20:44:43.0618
20:44:43.0618 6176 SystemInfo:
20:44:43.0618 6176
20:44:43.0618 6176 OS Version: 6.0.6002 ServicePack: 2.0
20:44:43.0618 6176 Product type: Workstation
20:44:43.0618 6176 ComputerName: EMACHINE
20:44:43.0618 6176 UserName: Brian
20:44:43.0618 6176 Windows directory: C:\Windows
20:44:43.0618 6176 System windows directory: C:\Windows
20:44:43.0618 6176 Processor architecture: Intel x86
20:44:43.0618 6176 Number of processors: 1
20:44:43.0618 6176 Page size: 0x1000
20:44:43.0618 6176 Boot type: Normal boot
20:44:43.0618 6176 ============================================================
20:44:44.0960 6176 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:44:47.0784 6176 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:44:47.0799 6176 ============================================================
20:44:47.0799 6176 \Device\Harddisk0\DR0:
20:44:47.0815 6176 MBR partitions:
20:44:47.0815 6176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x8507800
20:44:47.0815 6176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA508019, BlocksNum 0x8510AA8
20:44:47.0815 6176 \Device\Harddisk1\DR1:
20:44:47.0830 6176 MBR partitions:
20:44:47.0830 6176 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
20:44:47.0830 6176 ============================================================
20:44:47.0846 6176 C: <-> \Device\Harddisk0\DR0\Partition0
20:44:47.0955 6176 D: <-> \Device\Harddisk0\DR0\Partition1
20:44:48.0064 6176 F: <-> \Device\Harddisk1\DR1\Partition0
20:44:48.0096 6176 ============================================================
20:44:48.0096 6176 Initialize success
20:44:48.0096 6176 ============================================================
20:44:58.0438 0488 ============================================================
20:44:58.0438 0488 Scan started
20:44:58.0438 0488 Mode: Manual;
20:44:58.0438 0488 ============================================================
20:44:58.0938 0488 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:44:58.0938 0488 ACPI - ok
20:44:59.0047 0488 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:44:59.0047 0488 AdobeARMservice - ok
20:44:59.0140 0488 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:44:59.0156 0488 AdobeFlashPlayerUpdateSvc - ok
20:44:59.0234 0488 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:44:59.0250 0488 adp94xx - ok
20:44:59.0281 0488 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:44:59.0281 0488 adpahci - ok
20:44:59.0312 0488 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:44:59.0312 0488 adpu160m - ok
20:44:59.0343 0488 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:44:59.0359 0488 adpu320 - ok
20:44:59.0421 0488 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:44:59.0421 0488 AeLookupSvc - ok
20:44:59.0577 0488 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:44:59.0577 0488 AFD - ok
20:44:59.0624 0488 AgereModemAudio (8ed60797908fd394eee0d6949f493224) C:\Windows\system32\agrsmsvc.exe
20:44:59.0624 0488 AgereModemAudio - ok
20:44:59.0686 0488 AgereSoftModem (baf68dcba949633df0c16d37af2a2351) C:\Windows\system32\DRIVERS\AGRSM.sys
20:44:59.0702 0488 AgereSoftModem - ok
20:44:59.0764 0488 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:44:59.0764 0488 agp440 - ok
20:44:59.0796 0488 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:44:59.0796 0488 aic78xx - ok
20:44:59.0827 0488 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:44:59.0827 0488 ALG - ok
20:44:59.0858 0488 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:44:59.0858 0488 aliide - ok
20:44:59.0889 0488 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:44:59.0889 0488 amdagp - ok
20:44:59.0920 0488 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:44:59.0920 0488 amdide - ok
20:44:59.0936 0488 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:44:59.0952 0488 AmdK7 - ok
20:44:59.0983 0488 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
20:44:59.0983 0488 AmdK8 - ok
20:45:00.0045 0488 AnyDVD (74fc9f8f2d6b80a58aebd64f496d7c09) C:\Windows\system32\Drivers\AnyDVD.sys
20:45:00.0061 0488 AnyDVD - ok
20:45:00.0108 0488 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:45:00.0108 0488 Appinfo - ok
20:45:00.0264 0488 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:45:00.0264 0488 Apple Mobile Device - ok
20:45:00.0342 0488 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:45:00.0342 0488 arc - ok
20:45:00.0373 0488 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:45:00.0373 0488 arcsas - ok
20:45:00.0404 0488 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:45:00.0404 0488 AsyncMac - ok
20:45:00.0451 0488 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:45:00.0451 0488 atapi - ok
20:45:00.0513 0488 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:45:00.0529 0488 AudioEndpointBuilder - ok
20:45:00.0529 0488 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:45:00.0544 0488 Audiosrv - ok
20:45:00.0638 0488 BCMH43XX (86027e0b68af21e7b8f34d26a8715fc8) C:\Windows\system32\DRIVERS\bcmwlhigh6.sys
20:45:00.0638 0488 BCMH43XX - ok
20:45:00.0685 0488 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:45:00.0685 0488 Beep - ok
20:45:00.0732 0488 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:45:00.0732 0488 blbdrive - ok
20:45:00.0841 0488 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:45:00.0841 0488 Bonjour Service - ok
20:45:00.0903 0488 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:45:00.0903 0488 bowser - ok
20:45:00.0950 0488 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:45:00.0950 0488 BrFiltLo - ok
20:45:00.0981 0488 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:45:00.0981 0488 BrFiltUp - ok
20:45:01.0012 0488 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:45:01.0012 0488 Browser - ok
20:45:01.0044 0488 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:45:01.0044 0488 Brserid - ok
20:45:01.0075 0488 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:45:01.0075 0488 BrSerWdm - ok
20:45:01.0106 0488 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:45:01.0106 0488 BrUsbMdm - ok
20:45:01.0122 0488 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:45:01.0122 0488 BrUsbSer - ok
20:45:01.0168 0488 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:45:01.0168 0488 BTHMODEM - ok
20:45:01.0324 0488 catchme - ok
20:45:01.0371 0488 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:45:01.0371 0488 cdfs - ok
20:45:01.0418 0488 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:45:01.0418 0488 cdrom - ok
20:45:01.0465 0488 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:45:01.0465 0488 CertPropSvc - ok
20:45:01.0512 0488 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:45:01.0512 0488 circlass - ok
20:45:01.0558 0488 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:45:01.0558 0488 CLFS - ok
20:45:01.0621 0488 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:45:01.0621 0488 clr_optimization_v2.0.50727_32 - ok
20:45:01.0668 0488 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:45:01.0668 0488 clr_optimization_v4.0.30319_32 - ok
20:45:01.0714 0488 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:45:01.0714 0488 cmdide - ok
20:45:01.0730 0488 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:45:01.0730 0488 Compbatt - ok
20:45:01.0761 0488 COMSysApp - ok
20:45:01.0792 0488 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:45:01.0792 0488 crcdisk - ok
20:45:01.0824 0488 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:45:01.0824 0488 Crusoe - ok
20:45:01.0886 0488 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
20:45:01.0886 0488 CryptSvc - ok
20:45:01.0948 0488 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:45:01.0964 0488 DcomLaunch - ok
20:45:02.0011 0488 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:45:02.0011 0488 DfsC - ok
20:45:02.0136 0488 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:45:02.0167 0488 DFSR - ok
20:45:02.0307 0488 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:45:02.0307 0488 Dhcp - ok
20:45:02.0370 0488 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:45:02.0370 0488 disk - ok
20:45:02.0432 0488 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:45:02.0432 0488 Dnscache - ok
20:45:02.0479 0488 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:45:02.0494 0488 dot3svc - ok
20:45:02.0557 0488 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:45:02.0557 0488 Dot4 - ok
20:45:02.0588 0488 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:45:02.0588 0488 Dot4Print - ok
20:45:02.0619 0488 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:45:02.0619 0488 dot4usb - ok
20:45:02.0682 0488 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:45:02.0682 0488 DPS - ok
20:45:02.0713 0488 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:45:02.0713 0488 drmkaud - ok
20:45:02.0791 0488 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:45:02.0806 0488 DXGKrnl - ok
20:45:02.0853 0488 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:45:02.0869 0488 E1G60 - ok
20:45:02.0916 0488 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:45:02.0916 0488 EapHost - ok
20:45:02.0978 0488 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:45:02.0978 0488 Ecache - ok
20:45:03.0056 0488 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:45:03.0072 0488 ehRecvr - ok
20:45:03.0087 0488 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:45:03.0087 0488 ehSched - ok
20:45:03.0103 0488 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:45:03.0103 0488 ehstart - ok
20:45:03.0150 0488 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:45:03.0150 0488 ElbyCDIO - ok
20:45:03.0212 0488 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:45:03.0228 0488 elxstor - ok
20:45:03.0290 0488 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:45:03.0290 0488 EMDMgmt - ok
20:45:03.0337 0488 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
20:45:03.0352 0488 epmntdrv - ok
20:45:03.0477 0488 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
20:45:03.0477 0488 EpsonBidirectionalService - ok
20:45:03.0524 0488 EPSON_EB_RPCV4_04 (b92f2b3247f0a99490c1298a1d3d7b4c) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
20:45:03.0524 0488 EPSON_EB_RPCV4_04 - ok
20:45:03.0540 0488 EPSON_PM_RPCV4_04 (651336b99c75fb54e4b5971cf458f9bd) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
20:45:03.0540 0488 EPSON_PM_RPCV4_04 - ok
20:45:03.0633 0488 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:45:03.0633 0488 ErrDev - ok
20:45:03.0711 0488 ETService (4d06d9a26227ac485305133916888df1) C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
20:45:03.0711 0488 ETService - ok
20:45:03.0774 0488 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
20:45:03.0789 0488 EuGdiDrv - ok
20:45:03.0836 0488 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:45:03.0836 0488 EventSystem - ok
20:45:03.0898 0488 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:45:03.0898 0488 exfat - ok
20:45:03.0945 0488 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:45:03.0945 0488 fastfat - ok
20:45:03.0992 0488 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:45:03.0992 0488 fdc - ok
20:45:04.0039 0488 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:45:04.0039 0488 fdPHost - ok
20:45:04.0054 0488 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:45:04.0054 0488 FDResPub - ok
20:45:04.0070 0488 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:45:04.0070 0488 FileInfo - ok
20:45:04.0101 0488 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:45:04.0101 0488 Filetrace - ok
20:45:04.0117 0488 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:45:04.0132 0488 flpydisk - ok
20:45:04.0179 0488 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:45:04.0179 0488 FltMgr - ok
20:45:04.0273 0488 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:45:04.0288 0488 FontCache - ok
20:45:04.0366 0488 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:45:04.0382 0488 FontCache3.0.0.0 - ok
20:45:04.0507 0488 ForceWare Intelligent Application Manager (IAM) (283195c5301eadbcf56dee637573ed12) C:\Program Files\bin32\nSvcAppFlt.exe
20:45:04.0522 0488 ForceWare Intelligent Application Manager (IAM) - ok
20:45:04.0616 0488 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:45:04.0616 0488 Fs_Rec - ok
20:45:04.0663 0488 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:45:04.0663 0488 gagp30kx - ok
20:45:04.0741 0488 GameConsoleService (58f9ee8357271a5529cccbd35a80e599) C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
20:45:04.0741 0488 GameConsoleService - ok
20:45:04.0772 0488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:45:04.0788 0488 GEARAspiWDM - ok
20:45:04.0897 0488 GoogleDesktopManager-110309-193829 (f0187e45268e86aaaa932cbd9087bea8) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:45:04.0897 0488 GoogleDesktopManager-110309-193829 - ok
20:45:04.0959 0488 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:45:04.0959 0488 gpsvc - ok
20:45:05.0006 0488 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:45:05.0006 0488 gupdate - ok
20:45:05.0037 0488 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:45:05.0037 0488 gupdatem - ok
20:45:05.0100 0488 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:45:05.0100 0488 HdAudAddService - ok
20:45:05.0146 0488 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:45:05.0162 0488 HDAudBus - ok
20:45:05.0178 0488 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:45:05.0193 0488 HidBth - ok
20:45:05.0209 0488 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:45:05.0209 0488 HidIr - ok
20:45:05.0256 0488 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
20:45:05.0256 0488 hidserv - ok
20:45:05.0302 0488 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:45:05.0302 0488 HidUsb - ok
20:45:05.0349 0488 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:45:05.0349 0488 hkmsvc - ok
20:45:05.0396 0488 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:45:05.0396 0488 HpCISSs - ok
20:45:05.0458 0488 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:45:05.0458 0488 HTTP - ok
20:45:05.0490 0488 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:45:05.0490 0488 i2omp - ok
20:45:05.0536 0488 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:45:05.0536 0488 i8042prt - ok
20:45:05.0583 0488 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:45:05.0583 0488 iaStorV - ok
20:45:05.0692 0488 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:45:05.0692 0488 idsvc - ok
20:45:05.0880 0488 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
20:45:05.0880 0488 IHA_MessageCenter - ok
20:45:05.0989 0488 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:45:05.0989 0488 iirsp - ok
20:45:06.0051 0488 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:45:06.0067 0488 IKEEXT - ok
20:45:06.0114 0488 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
20:45:06.0114 0488 int15 - ok
20:45:06.0238 0488 IntcAzAudAddService (cf2219a2fed4f8f2e0817a2bf1658799) C:\Windows\system32\drivers\RTKVHDA.sys
20:45:06.0270 0488 IntcAzAudAddService - ok
20:45:06.0410 0488 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:45:06.0410 0488 intelide - ok
20:45:06.0426 0488 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:45:06.0426 0488 intelppm - ok
20:45:06.0472 0488 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:45:06.0472 0488 IPBusEnum - ok
20:45:06.0504 0488 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:45:06.0504 0488 IpFilterDriver - ok
20:45:06.0566 0488 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:45:06.0566 0488 iphlpsvc - ok
20:45:06.0582 0488 IpInIp - ok
20:45:06.0613 0488 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:45:06.0628 0488 IPMIDRV - ok
20:45:06.0644 0488 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:45:06.0660 0488 IPNAT - ok
20:45:06.0769 0488 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
20:45:06.0784 0488 iPod Service - ok
20:45:06.0816 0488 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:45:06.0816 0488 IRENUM - ok
20:45:06.0847 0488 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:45:06.0847 0488 isapnp - ok
20:45:06.0909 0488 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:45:06.0909 0488 iScsiPrt - ok
20:45:06.0925 0488 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:45:06.0925 0488 iteatapi - ok
20:45:06.0956 0488 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:45:06.0956 0488 iteraid - ok
20:45:06.0972 0488 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:45:06.0987 0488 kbdclass - ok
20:45:07.0034 0488 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:45:07.0034 0488 kbdhid - ok
20:45:07.0081 0488 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:07.0081 0488 KeyIso - ok
20:45:07.0128 0488 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
20:45:07.0143 0488 KSecDD - ok
20:45:07.0221 0488 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:45:07.0221 0488 KtmRm - ok
20:45:07.0284 0488 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:45:07.0284 0488 LanmanServer - ok
20:45:07.0346 0488 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:45:07.0346 0488 LanmanWorkstation - ok
20:45:07.0393 0488 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:45:07.0393 0488 lltdio - ok
20:45:07.0455 0488 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:45:07.0455 0488 lltdsvc - ok
20:45:07.0486 0488 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:45:07.0486 0488 lmhosts - ok
20:45:07.0533 0488 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:45:07.0533 0488 LSI_FC - ok
20:45:07.0549 0488 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:45:07.0549 0488 LSI_SAS - ok
20:45:07.0580 0488 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:45:07.0580 0488 LSI_SCSI - ok
20:45:07.0627 0488 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:45:07.0627 0488 luafv - ok
20:45:07.0674 0488 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
20:45:07.0674 0488 MBAMProtector - ok
20:45:07.0767 0488 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:45:07.0783 0488 MBAMService - ok
20:45:07.0892 0488 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
20:45:07.0892 0488 McciCMService - ok
20:45:07.0939 0488 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:45:07.0954 0488 Mcx2Svc - ok
20:45:08.0017 0488 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:45:08.0017 0488 megasas - ok
20:45:08.0048 0488 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:45:08.0064 0488 MegaSR - ok
20:45:08.0157 0488 Microsoft SharePoint Workspace Audit Service - ok
20:45:08.0188 0488 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:45:08.0204 0488 MMCSS - ok
20:45:08.0220 0488 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:45:08.0220 0488 Modem - ok
20:45:08.0282 0488 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:45:08.0282 0488 monitor - ok
20:45:08.0313 0488 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:45:08.0313 0488 mouclass - ok
20:45:08.0329 0488 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:45:08.0329 0488 mouhid - ok
20:45:08.0376 0488 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:45:08.0376 0488 MountMgr - ok
20:45:08.0438 0488 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:45:08.0438 0488 MozillaMaintenance - ok
20:45:08.0485 0488 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
20:45:08.0485 0488 MpFilter - ok
20:45:08.0516 0488 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:45:08.0516 0488 mpio - ok
20:45:08.0641 0488 MpKsla76a4e73 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A22AE0B-FAD7-4DC1-B83B-DBF5B5E8F738}\MpKsla76a4e73.sys
20:45:08.0641 0488 MpKsla76a4e73 - ok
20:45:08.0688 0488 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:45:08.0688 0488 mpsdrv - ok
20:45:08.0750 0488 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:45:08.0750 0488 Mraid35x - ok
20:45:08.0828 0488 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
20:45:08.0828 0488 MREMP50 - ok
20:45:08.0859 0488 MREMPR5 - ok
20:45:08.0859 0488 MRENDIS5 - ok
20:45:08.0906 0488 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
20:45:08.0906 0488 MRESP50 - ok
20:45:08.0937 0488 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:45:08.0953 0488 MRxDAV - ok
20:45:09.0000 0488 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:45:09.0000 0488 mrxsmb - ok
20:45:09.0046 0488 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:45:09.0062 0488 mrxsmb10 - ok
20:45:09.0078 0488 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:45:09.0078 0488 mrxsmb20 - ok
20:45:09.0124 0488 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:45:09.0124 0488 msahci - ok
20:45:09.0156 0488 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:45:09.0156 0488 msdsm - ok
20:45:09.0187 0488 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:45:09.0187 0488 MSDTC - ok
20:45:09.0218 0488 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:45:09.0218 0488 Msfs - ok
20:45:09.0234 0488 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:45:09.0234 0488 msisadrv - ok
20:45:09.0280 0488 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:45:09.0280 0488 MSiSCSI - ok
20:45:09.0280 0488 msiserver - ok
20:45:09.0327 0488 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:45:09.0327 0488 MSKSSRV - ok
20:45:09.0421 0488 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:45:09.0421 0488 MsMpSvc - ok
20:45:09.0452 0488 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:45:09.0452 0488 MSPCLOCK - ok
20:45:09.0468 0488 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:45:09.0468 0488 MSPQM - ok
20:45:09.0514 0488 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:45:09.0514 0488 MsRPC - ok
20:45:09.0561 0488 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:45:09.0561 0488 mssmbios - ok
20:45:09.0592 0488 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:45:09.0592 0488 MSTEE - ok
20:45:09.0624 0488 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:45:09.0624 0488 Mup - ok
20:45:09.0670 0488 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:45:09.0670 0488 napagent - ok
20:45:09.0733 0488 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:45:09.0733 0488 NativeWifiP - ok
20:45:09.0795 0488 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:45:09.0811 0488 NDIS - ok
20:45:09.0858 0488 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:45:09.0858 0488 NdisTapi - ok
20:45:09.0873 0488 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:45:09.0873 0488 Ndisuio - ok
20:45:09.0904 0488 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:45:09.0904 0488 NdisWan - ok
20:45:09.0920 0488 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:45:09.0920 0488 NDProxy - ok
20:45:09.0936 0488 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:45:09.0936 0488 NetBIOS - ok
20:45:09.0982 0488 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:45:09.0982 0488 netbt - ok
20:45:10.0014 0488 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:10.0014 0488 Netlogon - ok
20:45:10.0060 0488 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:45:10.0060 0488 Netman - ok
20:45:10.0092 0488 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:45:10.0092 0488 netprofm - ok
20:45:10.0170 0488 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:45:10.0170 0488 NetTcpPortSharing - ok
20:45:10.0216 0488 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:45:10.0216 0488 nfrd960 - ok
20:45:10.0279 0488 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:45:10.0279 0488 NisDrv - ok
20:45:10.0372 0488 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
20:45:10.0372 0488 NisSrv - ok
20:45:10.0419 0488 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:45:10.0435 0488 NlaSvc - ok
20:45:10.0466 0488 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:45:10.0466 0488 Npfs - ok
20:45:10.0482 0488 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:45:10.0482 0488 nsi - ok
20:45:10.0528 0488 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:45:10.0528 0488 nsiproxy - ok
20:45:10.0591 0488 nSvcIp (3c7bd1ec817d300a8826d49c406d5894) C:\Program Files\bin32\nSvcIp.exe
20:45:10.0591 0488 nSvcIp - ok
20:45:10.0684 0488 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:45:10.0700 0488 Ntfs - ok
20:45:10.0731 0488 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:45:10.0731 0488 ntrigdigi - ok
20:45:10.0762 0488 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:45:10.0762 0488 Null - ok
20:45:10.0840 0488 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
20:45:10.0840 0488 NVENETFD - ok
20:45:10.0903 0488 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
20:45:10.0903 0488 NVHDA - ok
20:45:11.0511 0488 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:45:11.0745 0488 nvlddmkm - ok
20:45:11.0917 0488 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
20:45:11.0917 0488 NVNET - ok
20:45:11.0964 0488 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:45:11.0964 0488 nvraid - ok
20:45:12.0026 0488 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
20:45:12.0042 0488 nvsmu - ok
20:45:12.0057 0488 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:45:12.0057 0488 nvstor - ok
20:45:12.0088 0488 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
20:45:12.0104 0488 nvstor32 - ok
20:45:12.0151 0488 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
20:45:12.0166 0488 nvsvc - ok
20:45:12.0369 0488 nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:45:12.0385 0488 nvUpdatusService - ok
20:45:12.0525 0488 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:45:12.0525 0488 nv_agp - ok
20:45:12.0541 0488 NwlnkFlt - ok
20:45:12.0556 0488 NwlnkFwd - ok
20:45:12.0588 0488 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:45:12.0588 0488 ohci1394 - ok
20:45:12.0697 0488 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:45:12.0697 0488 ose - ok
20:45:12.0946 0488 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:45:13.0040 0488 osppsvc - ok
20:45:13.0180 0488 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:13.0180 0488 p2pimsvc - ok
20:45:13.0196 0488 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:13.0212 0488 p2psvc - ok
20:45:13.0258 0488 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:45:13.0258 0488 Parport - ok
20:45:13.0305 0488 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
20:45:13.0305 0488 partmgr - ok
20:45:13.0321 0488 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:45:13.0336 0488 Parvdm - ok
20:45:13.0368 0488 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:45:13.0368 0488 PcaSvc - ok
20:45:13.0414 0488 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:45:13.0414 0488 pci - ok
20:45:13.0461 0488 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:45:13.0461 0488 pciide - ok
20:45:13.0508 0488 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:45:13.0524 0488 pcmcia - ok
20:45:13.0586 0488 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:45:13.0602 0488 PEAUTH - ok
20:45:13.0726 0488 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:45:13.0742 0488 pla - ok
20:45:13.0851 0488 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:45:13.0867 0488 PlugPlay - ok
20:45:13.0914 0488 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:13.0929 0488 PNRPAutoReg - ok
20:45:13.0929 0488 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:13.0945 0488 PNRPsvc - ok
20:45:13.0976 0488 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:45:13.0976 0488 PolicyAgent - ok
20:45:14.0054 0488 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:45:14.0054 0488 PptpMiniport - ok
20:45:14.0070 0488 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:45:14.0085 0488 Processor - ok
20:45:14.0116 0488 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:45:14.0132 0488 ProfSvc - ok
20:45:14.0163 0488 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:14.0163 0488 ProtectedStorage - ok
20:45:14.0210 0488 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:45:14.0210 0488 PSched - ok
20:45:14.0226 0488 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
20:45:14.0226 0488 PxHelp20 - ok
20:45:14.0319 0488 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:45:14.0335 0488 ql2300 - ok
20:45:14.0366 0488 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:45:14.0366 0488 ql40xx - ok
20:45:14.0413 0488 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:45:14.0428 0488 QWAVE - ok
20:45:14.0444 0488 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:45:14.0444 0488 QWAVEdrv - ok
20:45:14.0460 0488 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:45:14.0460 0488 RasAcd - ok
20:45:14.0491 0488 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:45:14.0491 0488 RasAuto - ok
20:45:14.0522 0488 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:45:14.0522 0488 Rasl2tp - ok
20:45:14.0569 0488 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:45:14.0569 0488 RasMan - ok
20:45:14.0616 0488 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:45:14.0616 0488 RasPppoe - ok
20:45:14.0631 0488 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:45:14.0631 0488 RasSstp - ok
20:45:14.0694 0488 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:45:14.0694 0488 rdbss - ok
20:45:14.0725 0488 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:45:14.0725 0488 RDPCDD - ok
20:45:14.0772 0488 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:45:14.0772 0488 rdpdr - ok
20:45:14.0787 0488 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:45:14.0787 0488 RDPENCDD - ok
20:45:14.0834 0488 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
20:45:14.0834 0488 RDPWD - ok
20:45:14.0865 0488 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:45:14.0865 0488 RemoteAccess - ok
20:45:14.0912 0488 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:45:14.0912 0488 RemoteRegistry - ok
20:45:14.0928 0488 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:45:14.0943 0488 RpcLocator - ok
20:45:14.0990 0488 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:45:15.0006 0488 RpcSs - ok
20:45:15.0052 0488 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:45:15.0052 0488 rspndr - ok
20:45:15.0084 0488 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:15.0084 0488 SamSs - ok
20:45:15.0115 0488 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:45:15.0115 0488 sbp2port - ok
20:45:15.0177 0488 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:45:15.0177 0488 SCardSvr - ok
20:45:15.0240 0488 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:45:15.0255 0488 Schedule - ok
20:45:15.0286 0488 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
20:45:15.0286 0488 SCMNdisP - ok
20:45:15.0333 0488 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:45:15.0333 0488 SCPolicySvc - ok
20:45:15.0380 0488 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:45:15.0380 0488 SDRSVC - ok
20:45:15.0427 0488 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:45:15.0427 0488 secdrv - ok
20:45:15.0442 0488 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:45:15.0442 0488 seclogon - ok
20:45:15.0458 0488 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:45:15.0458 0488 SENS - ok
20:45:15.0489 0488 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:45:15.0489 0488 Serenum - ok
20:45:15.0520 0488 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:45:15.0520 0488 Serial - ok
20:45:15.0552 0488 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:45:15.0552 0488 sermouse - ok
20:45:15.0598 0488 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:45:15.0598 0488 SessionEnv - ok
20:45:15.0614 0488 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:45:15.0614 0488 sffdisk - ok
20:45:15.0645 0488 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:45:15.0645 0488 sffp_mmc - ok
20:45:15.0692 0488 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:45:15.0692 0488 sffp_sd - ok
20:45:15.0708 0488 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:45:15.0708 0488 sfloppy - ok
20:45:15.0770 0488 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:45:15.0770 0488 SharedAccess - ok
20:45:15.0832 0488 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:45:15.0832 0488 ShellHWDetection - ok
20:45:15.0864 0488 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:45:15.0864 0488 sisagp - ok
20:45:15.0910 0488 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:45:15.0910 0488 SiSRaid2 - ok
20:45:15.0942 0488 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:45:15.0942 0488 SiSRaid4 - ok
20:45:16.0129 0488 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:45:16.0176 0488 slsvc - ok
20:45:16.0300 0488 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:45:16.0300 0488 SLUINotify - ok
20:45:16.0363 0488 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:45:16.0363 0488 Smb - ok
20:45:16.0410 0488 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:45:16.0410 0488 SNMPTRAP - ok
20:45:16.0456 0488 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:45:16.0456 0488 spldr - ok
20:45:16.0503 0488 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:45:16.0519 0488 Spooler - ok
20:45:16.0566 0488 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:45:16.0581 0488 srv - ok
20:45:16.0628 0488 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:45:16.0644 0488 srv2 - ok
20:45:16.0659 0488 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:45:16.0659 0488 srvnet - ok
20:45:16.0706 0488 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:45:16.0706 0488 SSDPSRV - ok
20:45:16.0753 0488 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:45:16.0753 0488 SstpSvc - ok
20:45:16.0893 0488 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:45:16.0909 0488 Stereo Service - ok
20:45:16.0971 0488 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:45:16.0971 0488 stisvc - ok
20:45:17.0018 0488 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:45:17.0034 0488 swenum - ok
20:45:17.0080 0488 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:45:17.0080 0488 swprv - ok
20:45:17.0112 0488 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:45:17.0112 0488 Symc8xx - ok
20:45:17.0143 0488 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:45:17.0143 0488 Sym_hi - ok
20:45:17.0174 0488 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:45:17.0174 0488 Sym_u3 - ok
20:45:17.0221 0488 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:45:17.0236 0488 SysMain - ok
20:45:17.0283 0488 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:45:17.0299 0488 TabletInputService - ok
20:45:17.0330 0488 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:45:17.0346 0488 TapiSrv - ok
20:45:17.0361 0488 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:45:17.0361 0488 TBS - ok
20:45:17.0439 0488 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
20:45:17.0455 0488 Tcpip - ok
20:45:17.0470 0488 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
20:45:17.0486 0488 Tcpip6 - ok
20:45:17.0517 0488 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
20:45:17.0517 0488 tcpipreg - ok
20:45:17.0564 0488 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:45:17.0564 0488 TDPIPE - ok
20:45:17.0595 0488 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:45:17.0595 0488 TDTCP - ok
20:45:17.0626 0488 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:45:17.0626 0488 tdx - ok
20:45:17.0658 0488 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:45:17.0658 0488 TermDD - ok
20:45:17.0704 0488 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:45:17.0720 0488 TermService - ok
20:45:17.0767 0488 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:45:17.0767 0488 Themes - ok
20:45:17.0814 0488 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:45:17.0814 0488 THREADORDER - ok
20:45:17.0860 0488 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:45:17.0860 0488 TrkWks - ok
20:45:17.0923 0488 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:45:17.0923 0488 TrustedInstaller - ok
20:45:17.0970 0488 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:45:17.0970 0488 tssecsrv - ok
20:45:18.0001 0488 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:45:18.0001 0488 tunmp - ok
20:45:18.0048 0488 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:45:18.0048 0488 tunnel - ok
20:45:18.0079 0488 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:45:18.0079 0488 uagp35 - ok
20:45:18.0110 0488 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:45:18.0110 0488 udfs - ok
20:45:18.0157 0488 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:45:18.0157 0488 UI0Detect - ok
20:45:18.0204 0488 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:45:18.0204 0488 uliagpkx - ok
20:45:18.0235 0488 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:45:18.0235 0488 uliahci - ok
20:45:18.0266 0488 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:45:18.0266 0488 UlSata - ok
20:45:18.0297 0488 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:45:18.0297 0488 ulsata2 - ok
20:45:18.0328 0488 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:45:18.0328 0488 umbus - ok
20:45:18.0375 0488 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
20:45:18.0375 0488 UMPass - ok
20:45:18.0422 0488 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:45:18.0438 0488 upnphost - ok
20:45:18.0484 0488 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:45:18.0484 0488 USBAAPL - ok
20:45:18.0516 0488 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:45:18.0531 0488 usbccgp - ok
20:45:18.0578 0488 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:45:18.0578 0488 usbcir - ok
20:45:18.0625 0488 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:45:18.0640 0488 usbehci - ok
20:45:18.0687 0488 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:45:18.0687 0488 usbhub - ok
20:45:18.0703 0488 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
20:45:18.0703 0488 usbohci - ok
20:45:18.0750 0488 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:45:18.0765 0488 usbprint - ok
20:45:18.0812 0488 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:45:18.0812 0488 usbscan - ok
20:45:18.0859 0488 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:45:18.0859 0488 USBSTOR - ok
20:45:18.0906 0488 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:45:18.0906 0488 usbuhci - ok
20:45:18.0937 0488 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:45:18.0937 0488 UxSms - ok
20:45:18.0999 0488 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:45:18.0999 0488 vds - ok
20:45:19.0030 0488 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:45:19.0030 0488 vga - ok
20:45:19.0062 0488 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:45:19.0062 0488 VgaSave - ok
20:45:19.0093 0488 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:45:19.0093 0488 viaagp - ok
20:45:19.0140 0488 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:45:19.0140 0488 ViaC7 - ok
20:45:19.0155 0488 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:45:19.0155 0488 viaide - ok
20:45:19.0186 0488 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:45:19.0186 0488 volmgr - ok
20:45:19.0233 0488 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:45:19.0233 0488 volmgrx - ok
20:45:19.0280 0488 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:45:19.0280 0488 volsnap - ok
20:45:19.0311 0488 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:45:19.0311 0488 vsmraid - ok
20:45:19.0405 0488 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:45:19.0420 0488 VSS - ok
20:45:19.0452 0488 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:45:19.0452 0488 W32Time - ok
20:45:19.0530 0488 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:45:19.0530 0488 WacomPen - ok
20:45:19.0561 0488 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:19.0576 0488 Wanarp - ok
20:45:19.0576 0488 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:19.0576 0488 Wanarpv6 - ok
20:45:19.0623 0488 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:45:19.0639 0488 wcncsvc - ok
20:45:19.0670 0488 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:45:19.0686 0488 WcsPlugInService - ok
20:45:19.0717 0488 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:45:19.0717 0488 Wd - ok
20:45:19.0732 0488 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
20:45:19.0732 0488 WDC_SAM - ok
20:45:19.0779 0488 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:45:19.0795 0488 Wdf01000 - ok
20:45:19.0810 0488 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:45:19.0810 0488 WdiServiceHost - ok
20:45:19.0826 0488 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:45:19.0826 0488 WdiSystemHost - ok
20:45:19.0857 0488 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:45:19.0873 0488 WebClient - ok
20:45:19.0920 0488 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:45:19.0920 0488 Wecsvc - ok
20:45:19.0966 0488 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:45:19.0982 0488 wercplsupport - ok
20:45:20.0013 0488 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:45:20.0029 0488 WerSvc - ok
20:45:20.0107 0488 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:45:20.0107 0488 WinDefend - ok
20:45:20.0122 0488 WinHttpAutoProxySvc - ok
20:45:20.0200 0488 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:45:20.0200 0488 Winmgmt - ok
20:45:20.0294 0488 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:45:20.0310 0488 WinRM - ok
20:45:20.0388 0488 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:45:20.0388 0488 Wlansvc - ok
20:45:20.0466 0488 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:45:20.0466 0488 WmiAcpi - ok
20:45:20.0544 0488 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:45:20.0544 0488 wmiApSrv - ok
20:45:20.0684 0488 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:45:20.0684 0488 WMPNetworkSvc - ok
20:45:20.0715 0488 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:45:20.0715 0488 WPCSvc - ok
20:45:20.0762 0488 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:45:20.0762 0488 WPDBusEnum - ok
20:45:20.0856 0488 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:45:20.0856 0488 WpdUsb - ok
20:45:20.0996 0488 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:45:21.0012 0488 WPFFontCache_v0400 - ok
20:45:21.0043 0488 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:45:21.0043 0488 ws2ifsl - ok
20:45:21.0105 0488 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:45:21.0105 0488 wscsvc - ok
20:45:21.0152 0488 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
20:45:21.0152 0488 WSDPrintDevice - ok
20:45:21.0199 0488 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
20:45:21.0199 0488 WSDScan - ok
20:45:21.0199 0488 WSearch - ok
20:45:21.0308 0488 WSWNDA3100 (2a7db6a6f2c2e7cb40311d5b9340060d) C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
20:45:21.0308 0488 WSWNDA3100 - ok
20:45:21.0433 0488 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:45:21.0448 0488 wuauserv - ok
20:45:21.0604 0488 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:45:21.0604 0488 WUDFRd - ok
20:45:21.0667 0488 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:45:21.0667 0488 wudfsvc - ok
20:45:21.0698 0488 MBR (0x1B8) (8c9f9e03865c35f0f3829a23cda42f5d) \Device\Harddisk0\DR0
20:45:24.0444 0488 \Device\Harddisk0\DR0 - ok
20:45:24.0444 0488 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:45:24.0459 0488 \Device\Harddisk1\DR1 - ok
20:45:24.0459 0488 Boot (0x1200) (1ef3b15fdb01537adf52c7f68a0f5d90) \Device\Harddisk0\DR0\Partition0
20:45:24.0459 0488 \Device\Harddisk0\DR0\Partition0 - ok
20:45:24.0490 0488 Boot (0x1200) (bb054a4561eaf471c6a52043f0736f87) \Device\Harddisk0\DR0\Partition1
20:45:24.0490 0488 \Device\Harddisk0\DR0\Partition1 - ok
20:45:24.0506 0488 Boot (0x1200) (55a3df6cccaf536a76bf0e9b2d3587e5) \Device\Harddisk1\DR1\Partition0
20:45:24.0506 0488 \Device\Harddisk1\DR1\Partition0 - ok
20:45:24.0506 0488 ============================================================
20:45:24.0506 0488 Scan finished
20:45:24.0506 0488 ============================================================
20:45:24.0522 5588 Detected object count: 0
20:45:24.0522 5588 Actual detected object count: 0

Here is the aswMBR report:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 20:45:58
-----------------------------
20:45:58.247 OS Version: Windows 6.0.6002 Service Pack 2
20:45:58.247 Number of processors: 1 586 0x5F03
20:45:58.247 ComputerName: EMACHINE UserName: Brian
20:46:00.915 Initialize success
20:46:37.780 AVAST engine defs: 12072701
20:46:52.569 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
20:46:52.569 Disk 0 Vendor: Hitachi_ GMBO Size: 152627MB BusType: 6
20:46:52.569 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000067
20:46:52.569 Disk 1 Vendor: Size: 152627MB BusType: 0
20:46:52.584 Disk 0 MBR read successfully
20:46:52.600 Disk 0 MBR scan
20:46:52.600 Disk 0 unknown MBR code
20:46:52.615 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
20:46:52.647 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68111 MB offset 33556480
20:46:52.678 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 68129 MB offset 173047833
20:46:52.693 Disk 0 scanning sectors +312576705
20:46:52.771 Disk 0 scanning C:\Windows\system32\drivers
20:47:11.632 Service scanning
20:47:31.865 Service MpKsla76a4e73 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A22AE0B-FAD7-4DC1-B83B-DBF5B5E8F738}\MpKsla76a4e73.sys **LOCKED** 32
20:48:00.132 Modules scanning
20:48:12.300 Disk 0 trace - called modules:
20:48:12.331 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
20:48:12.331 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8676eac8]
20:48:12.331 3 CLASSPNP.SYS[8879d8b3] -> nt!IofCallDriver -> [0x852a8300]
20:48:12.347 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\00000058[0x852a7b88]
20:48:13.111 AVAST engine scan C:\Windows
20:48:19.757 AVAST engine scan C:\Windows\system32
20:53:18.121 AVAST engine scan C:\Windows\system32\drivers
20:53:40.850 AVAST engine scan C:\Users\Brian
21:00:51.027 AVAST engine scan C:\ProgramData
21:02:33.146 Scan finished successfully
21:06:49.323 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
21:06:49.464 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"
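The two logs above are long but almost entirely "ok" lines; what a responder actually reads is the handful of exceptions (a verdict other than ok, an object that was hashed but never judged, a locked file the scanner could not open, an MBR whose boot code the tool does not recognise, and the partition layout). The script below is an added example, not code from this thread, from Kaspersky or from AVAST: it parses the line formats visible in the posted TDSSKiller and aswMBR output and returns those items. The sample inputs are built from lines copied off the page, so they are not a new scan, and the field names in the returned dictionaries are this example's own choice.

```python
"""Triage helper for the TDSSKiller and aswMBR log formats shown in this thread.

Added example, not code from the thread, Kaspersky or AVAST. It parses the line
formats visible in the posted logs and returns the items a responder reads first.
"""
import json
import re
from collections import defaultdict

# TDSSKiller writes two lines per object:
#   <time> <pid> <name> (<md5>) <path>             the object it hashed
#   <time> <pid> <name or device path> - <verdict>  its verdict ("ok" when clean)
TDSS_OBJECT = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
TDSS_VERDICT = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+)$"
)
TDSS_COUNT = re.compile(r"Detected object count:\s+(\d+)")

# aswMBR partition rows, e.g. "Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68111 MB offset 33556480"
ASW_PARTITION = re.compile(
    r"^\S+\s+Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$"
)

# Constructed sample: lines copied from the posted TDSSKiller log (all clean).
TDSS_SAMPLE = r"""20:45:13.0180 0488 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:13.0180 0488 p2pimsvc - ok
20:45:13.0196 0488 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:13.0212 0488 p2psvc - ok
20:45:20.0122 0488 WinHttpAutoProxySvc - ok
20:45:21.0698 0488 MBR (0x1B8) (8c9f9e03865c35f0f3829a23cda42f5d) \Device\Harddisk0\DR0
20:45:24.0444 0488 \Device\Harddisk0\DR0 - ok
20:45:24.0444 0488 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:45:24.0459 0488 \Device\Harddisk1\DR1 - ok
20:45:24.0522 5588 Detected object count: 0
"""

# Constructed sample: lines copied from the posted aswMBR log.
ASW_SAMPLE = r"""20:46:52.600 Disk 0 unknown MBR code
20:46:52.615 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
20:46:52.647 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68111 MB offset 33556480
20:46:52.678 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 68129 MB offset 173047833
20:47:31.865 Service MpKsla76a4e73 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A22AE0B-FAD7-4DC1-B83B-DBF5B5E8F738}\MpKsla76a4e73.sys **LOCKED** 32
21:02:33.146 Scan finished successfully
"""


def triage_tdsskiller(text):
    """Non-ok verdicts, hashed objects with no verdict, shared images, final count."""
    objects, verdicts, by_hash, detected = [], {}, defaultdict(set), None
    for line in text.splitlines():
        if m := TDSS_OBJECT.match(line):
            objects.append((m["name"], m["md5"], m["path"]))
            by_hash[m["md5"]].add(m["name"])
        elif m := TDSS_VERDICT.match(line):
            verdicts[m["name"]] = m["verdict"]
        elif m := TDSS_COUNT.search(line):
            detected = int(m.group(1))
    # Disk objects ("MBR (0x1B8)") get their verdict under the device path,
    # so accept a verdict keyed by either the object's name or its path.
    unverdicted = sorted({n for n, _, p in objects if n not in verdicts and p not in verdicts})
    return {
        "not_ok": {n: v for n, v in verdicts.items() if v != "ok"},
        "unverdicted": unverdicted,
        "shared_images": {h: sorted(ns) for h, ns in by_hash.items() if len(ns) > 1},
        "detected": detected,
    }


def triage_aswmbr(text):
    """Lines needing a human look, partition layout, active partitions, completion."""
    findings, partitions, completed = [], [], False
    for line in text.splitlines():
        body = line.split(" ", 1)[-1]  # drop the timestamp
        if "unknown MBR code" in body:
            findings.append({"kind": "mbr_code_unrecognised", "line": body})
        if "**LOCKED**" in body:
            findings.append({"kind": "locked_file", "line": body})
        completed = completed or body.startswith("Scan finished successfully")
        if m := ASW_PARTITION.match(line):
            partitions.append({"disk": int(m["disk"]), "n": int(m["n"]),
                               "active": m["boot"] == "80", "type": m["type"],
                               "desc": m["desc"], "size_mb": int(m["size"]),
                               "offset": int(m["offset"])})
    active = [p["n"] for p in partitions if p["active"]]
    if len(active) != 1:  # a boot disk should carry exactly one active partition
        findings.append({"kind": "active_partition_count", "line": f"{len(active)} active"})
    return {"findings": findings, "partitions": partitions, "active": active, "completed": completed}


if __name__ == "__main__":
    print(json.dumps(triage_tdsskiller(TDSS_SAMPLE), indent=2))
    print(json.dumps(triage_aswmbr(ASW_SAMPLE), indent=2))
```

Run it against a saved log with `triage_tdsskiller(open("TDSSKiller.txt").read())` or the aswMBR equivalent. The "locked file" and "unknown MBR code" entries are review items, not verdicts: in the log above the locked driver sits under Microsoft Antimalware's definition-update folder (MSE's own files), and TDSSKiller reported the MBR of both disks ok, so neither line on its own indicates a rootkit. The `shared_images` map exists because several service names legitimately point at one DLL (p2psvc.dll above); it becomes interesting only when a driver hash turns up under a name you do not expect.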

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:52 PM

Posted 27 July 2012 - 11:32 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Brian C.

Brian C.
  • Topic Starter

  • Members
  • 36 posts
  • Local time:05:52 PM

Posted 27 July 2012 - 11:55 PM

Having a problem turning off MSE... I went to Task Manager to stop the process, but I am still getting the warning from Combofix that I need to disable the MSE scanner before continuing. I do not know how to do this (turning off the scanner) other than my previous attempt at stopping its services via Task Manager.

I even tried rebooting and running this in safe mode with networking, but I still get the warning.

