I am unable to open programs normally


16 replies to this topic

#1 richajx09

  • Members
  • 16 posts

Posted 26 July 2012 - 08:44 PM

I had a topic recently that was not solved in the Am I infected? What do I do? forum. I was told to start a new topic in this forum. Here is the link to the old topic:
http://www.bleepingcomputer.com/forums/topic462102.html/page__pid__2779315#top

I was told to do steps 6-9 in the Preparation Guide, but the link to download DDS in step 7 did not work, so I stopped after step 6.


#2 HelpBot

  • Bleepin' Binary Bot
  • Bots
  • 12,762 posts

Posted 01 August 2012 - 10:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462638 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 richajx09

  • Topic Starter
  • Members
  • 16 posts

Posted 01 August 2012 - 01:51 PM

Here is the problem description that I included in the original topic http://www.bleepingcomputer.com/forums/topic462611.html/page__p__2776540#entry2776540:
Yesterday, I downloaded Xpadder 5.3. The only way I can run programs is by right clicking, clicking "Run as..." and deselecting "Protect my computer and data from unauthorized program activity." However, even doing this, I cannot run Internet Explorer and I have to use Google Chrome. Normally, when I am connected to the internet, I have four green bars. Now, these bars are blue. I have already tried System Restore to two different prior points in time, both of which did nothing. Is this a virus or something else? I appreciate any help.


I am still having the same issues. My system is Windows XP 32-bit. Neither DDS link (.scr or .pif) works.

Here is the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-01 14:49:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST916031 rev.0003
Running: ovj4itjd.exe; Driver: C:\DOCUME~1\JAREDR~1\LOCALS~1\Temp\uflyapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

#4 nasdaq

  • Malware Response Team
  • 40,510 posts

Posted 02 August 2012 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.

===

DO NOT RESTART THE COMPUTER YET.

Run this tool and if you can please post the log also.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

#5 richajx09

  • Topic Starter
  • Members
  • 16 posts

Posted 02 August 2012 - 01:19 PM

Here is the rkill log:

Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/02/2012 02:04:39 PM in x86 mode.
Windows Version: Windows XP

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\System32\WLTRYSVC.EXE (PID: 1672) [WD-HEUR]
* C:\WINDOWS\System32\bcmwltry.exe (PID: 1732) [WD-HEUR]
* C:\WINDOWS\system32\WLTRAY.exe (PID: 3672) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/02/2012 02:05:13 PM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)



Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jared Richard at 14:06:37 on 2012-08-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3024.1847 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
svchost.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?PC=BNHP
uSearch Page = hxxp://www.live.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {0347C33E-8762-4905-BF09-768834316C61} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\documents and settings\jared richard\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://firepass.juniata.edu/vdesk/terminal/f5opswati.cab#Version=7060,2012,531,1928
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://firepass.juniata.edu/vdesk/terminal/urxvpn.cab#version=7000,2011,104,2321
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://firepass.juniata.edu/vdesk/terminal/f5opswati.cab#Version=7060,2012,531,1928
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://firepass.juniata.edu/vdesk/terminal/f5tunsrv.cab#version=7000,2011,1213,303
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://firepass.juniata.edu/vdesk/terminal/InstallerControl.cab#version=7000,2011,0622,1118
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://firepass.juniata.edu/vdesk/terminal/f5opswati.cab#Version=7060,2012,531,1928
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://firepass.juniata.edu/vdesk/terminal/f5InspectionHost.cab#version=7000,2011,0622,1017
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://firepass.juniata.edu/vdesk/terminal/urxshost.cab#version=7000,2010,1020,1428
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://firepass.juniata.edu/vdesk/terminal/urxhost.cab#version=7000,2012,215,1933
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://firepass.juniata.edu/vdesk/terminal/f5opswati.cab#Version=7060,2012,531,1928
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{9CEAC8D6-3EF8-4DCD-BF49-E75C8E4EBA49} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 193288]
R2 BNPagent;Bradford Persistent Agent Service;c:\program files\bradford networks\persistent agent\bndaemon.exe [2010-9-29 3067672]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-4-9 447264]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2152152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-23 655944]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-4-10 77824]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-10 112512]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-7-10 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-7-10 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 109568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-23 22344]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-7-10 232744]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2011-1-4 35448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-1 1025352]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-15 183560]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-3-18 23456]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2011-11-24 10744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-24 05:18:09 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-07-24 03:29:12 -------- d-----w- c:\documents and settings\jared richard\application data\Malwarebytes
2012-07-24 03:28:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-24 03:28:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-24 03:28:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-07-27 16:58:39 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 16:58:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-23 02:30:49 26112 ----a-w- c:\windows\system32\userinit.exe
2012-06-13 13:29:09 1875072 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 14:13:09.83 ===============


I also want to add that in my last post, I did not follow the GMER log instructions correctly. When I did follow the instructions, on two separate occasions, I could do nothing but turn off my computer at the end of the scan, so I was unable to obtain the correct GMER log. Thank you for your time.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 03 August 2012 - 07:20 AM

Please run these tools in the order listed.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

Please let me know what problem persists.

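A small triage script for the TDSSKiller log that the instructions above ask for, added here as an example; it is not part of the thread and not Kaspersky's code. It assumes only the two line shapes visible in the log posted later in this thread (`NAME (MD5) PATH` and `NAME - STATUS` after the `Scan started` marker) and stops at a `Scan finished` marker, which is an assumption since the posted log is cut off. The embedded sample log is constructed for the example: most of its lines are copied from the posted log, and the `ExampleSvc` entry with a non-ok verdict is made up to show what the script flags.

```python
"""Triage a Kaspersky TDSSKiller text log.

Added example for this thread, not Kaspersky's code. It parses the two line
shapes seen in the log posted in this thread and reports what a reviewer
looks at first: entries whose verdict is not "ok", service entries for which
no on-disk file was hashed (orphaned or hidden binaries), and any MD5 shared
by several entries (usually benign aliases of one file, worth a glance).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes observed in the posted log: timestamp, PID, then either
#   NAME (MD5) PATH     file resolved and hashed
#   NAME - STATUS       verdict for NAME, e.g. "ok"
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Return {name: Entry} for everything between 'Scan started' and 'Scan finished'.

    The header block is skipped on purpose: its "Drive ... - Size: ..." line
    also contains " - " and would otherwise be mistaken for a verdict.
    The 'Scan finished' marker is an assumption (the posted log is truncated).
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest.startswith("Scan started"):
            in_scan = True
            continue
        if rest.startswith("Scan finished"):
            break
        if not in_scan:
            continue
        h = HASH_RE.match(rest)
        if h:
            e = entries.setdefault(h["name"], Entry(h["name"]))
            e.md5, e.path = h["md5"].lower(), h["path"]
            continue
        s = STATUS_RE.match(rest)
        if s:
            e = entries.setdefault(s["name"], Entry(s["name"]))
            e.status = s["status"]
    return entries


def triage(entries: Dict[str, Entry]) -> dict:
    """Summarise what a reviewer should look at. An entry with no verdict at
    all (hash line but no '- STATUS' line, e.g. a truncated log) is reported
    under not_ok as well, since it was never cleared."""
    not_ok = [e for e in entries.values() if e.status != "ok"]
    unresolved = [e for e in entries.values() if e.md5 is None]
    by_md5: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            by_md5.setdefault(e.md5, []).append(e.name)
    shared = {h: names for h, names in by_md5.items() if len(names) > 1}
    return {"total": len(entries), "not_ok": not_ok,
            "unresolved": unresolved, "shared_md5": shared}


# Constructed sample: lines copied from the log in this thread, plus one
# made-up ExampleSvc entry with a non-ok verdict so the triage has something to flag.
SAMPLE_LOG = r"""
21:17:40.0500 4724 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
21:17:41.0453 1552 Scan started
21:17:44.0562 1552 Abiosdsk - ok
21:17:44.0609 1552 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:17:44.0609 1552 abp480n5 - ok
21:17:46.0625 1552 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
21:17:46.0687 1552 AVG Security Toolbar Service - ok
21:17:48.0796 1552 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:17:48.0796 1552 cbidf - ok
21:17:48.0796 1552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:17:48.0796 1552 cbidf2k - ok
21:17:58.0218 1552 NvtSp50 - ok
21:17:59.0000 1552 ExampleSvc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\example.sys
21:17:59.0000 1552 ExampleSvc - detected Suspicious.Example (1)
"""

if __name__ == "__main__":
    report = triage(parse_tdsskiller(SAMPLE_LOG))
    print(f"{report['total']} entries scanned")
    for e in report["not_ok"]:
        print(f"NOT OK    {e.name}: {e.status}  {e.path or ''}")
    for e in report["unresolved"]:
        print(f"NO FILE   {e.name} (service entry with no hashed binary)")
    for md5, names in report["shared_md5"].items():
        print(f"SHARED    {md5} -> {', '.join(names)}")
```

Run it on a real log by replacing `SAMPLE_LOG` with the file contents (`open(path, encoding="utf-8", errors="replace").read()`). The "no hashed binary" list is mostly noise on XP (stale entries such as Abiosdsk, Atdisk, Changer, lbrtfdc are normal), but an unexpected name there, like the NvtSp50 protocol driver whose file DDS also could not find, is exactly the kind of entry worth asking about in the thread.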
#7 richajx09

richajx09
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 05 August 2012 - 08:20 PM

Here is the TDSSKiller report:


21:17:39.0875 4724 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:17:40.0125 4724 ============================================================
21:17:40.0125 4724 Current date / time: 2012/08/05 21:17:40.0125
21:17:40.0125 4724 SystemInfo:
21:17:40.0125 4724
21:17:40.0125 4724 OS Version: 5.1.2600 ServicePack: 3.0
21:17:40.0125 4724 Product type: Workstation
21:17:40.0125 4724 ComputerName: DH909KK1
21:17:40.0125 4724 UserName: Jared Richard
21:17:40.0125 4724 Windows directory: C:\WINDOWS
21:17:40.0125 4724 System windows directory: C:\WINDOWS
21:17:40.0125 4724 Processor architecture: Intel x86
21:17:40.0125 4724 Number of processors: 2
21:17:40.0125 4724 Page size: 0x1000
21:17:40.0125 4724 Boot type: Normal boot
21:17:40.0125 4724 ============================================================
21:17:40.0500 4724 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:17:40.0500 4724 ============================================================
21:17:40.0500 4724 \Device\Harddisk0\DR0:
21:17:40.0500 4724 MBR partitions:
21:17:40.0500 4724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5E218, BlocksNum 0x129BA8A9
21:17:40.0500 4724 ============================================================
21:17:40.0562 4724 C: <-> \Device\Harddisk0\DR0\Partition0
21:17:40.0562 4724 ============================================================
21:17:40.0562 4724 Initialize success
21:17:40.0562 4724 ============================================================
21:17:41.0453 1552 ============================================================
21:17:41.0453 1552 Scan started
21:17:41.0453 1552 Mode: Manual;
21:17:41.0453 1552 ============================================================
21:17:44.0562 1552 Abiosdsk - ok
21:17:44.0609 1552 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:17:44.0609 1552 abp480n5 - ok
21:17:44.0640 1552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:17:44.0656 1552 ACPI - ok
21:17:44.0656 1552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:17:44.0656 1552 ACPIEC - ok
21:17:44.0718 1552 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:17:44.0718 1552 AdobeFlashPlayerUpdateSvc - ok
21:17:44.0765 1552 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:17:44.0765 1552 adpu160m - ok
21:17:44.0828 1552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:17:44.0828 1552 aec - ok
21:17:44.0921 1552 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys
21:17:44.0953 1552 AESTAud - ok
21:17:45.0078 1552 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:17:45.0078 1552 AFD - ok
21:17:45.0125 1552 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:17:45.0140 1552 agp440 - ok
21:17:45.0140 1552 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:17:45.0156 1552 agpCPQ - ok
21:17:45.0156 1552 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:17:45.0156 1552 Aha154x - ok
21:17:45.0171 1552 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:17:45.0171 1552 aic78u2 - ok
21:17:45.0187 1552 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:17:45.0203 1552 aic78xx - ok
21:17:45.0250 1552 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:17:45.0250 1552 Alerter - ok
21:17:45.0296 1552 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:17:45.0296 1552 ALG - ok
21:17:45.0312 1552 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:17:45.0312 1552 AliIde - ok
21:17:45.0312 1552 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:17:45.0328 1552 alim1541 - ok
21:17:45.0328 1552 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:17:45.0343 1552 amdagp - ok
21:17:45.0421 1552 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:17:45.0437 1552 amsint - ok
21:17:45.0562 1552 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:17:45.0562 1552 ApfiltrService - ok
21:17:45.0609 1552 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:17:45.0609 1552 AppMgmt - ok
21:17:45.0750 1552 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:17:45.0750 1552 Arp1394 - ok
21:17:45.0750 1552 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:17:45.0750 1552 asc - ok
21:17:45.0796 1552 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:17:45.0812 1552 asc3350p - ok
21:17:45.0828 1552 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:17:45.0828 1552 asc3550 - ok
21:17:46.0000 1552 ASFAgent (9ad6ef4d591211a93848103368125b41) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
21:17:46.0000 1552 ASFAgent - ok
21:17:46.0109 1552 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:17:46.0140 1552 aspnet_state - ok
21:17:46.0171 1552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:17:46.0171 1552 AsyncMac - ok
21:17:46.0218 1552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:17:46.0234 1552 atapi - ok
21:17:46.0234 1552 Atdisk - ok
21:17:46.0250 1552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:17:46.0250 1552 Atmarpc - ok
21:17:46.0328 1552 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:17:46.0328 1552 AudioSrv - ok
21:17:46.0390 1552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:17:46.0390 1552 audstub - ok
21:17:46.0625 1552 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
21:17:46.0687 1552 AVG Security Toolbar Service - ok
21:17:46.0984 1552 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
21:17:47.0015 1552 AVGIDSAgent - ok
21:17:47.0171 1552 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
21:17:47.0171 1552 AVGIDSDriver - ok
21:17:47.0203 1552 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
21:17:47.0203 1552 AVGIDSFilter - ok
21:17:47.0234 1552 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
21:17:47.0234 1552 AVGIDSHX - ok
21:17:47.0265 1552 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
21:17:47.0265 1552 AVGIDSShim - ok
21:17:47.0281 1552 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:17:47.0296 1552 Avgldx86 - ok
21:17:47.0296 1552 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:17:47.0296 1552 Avgmfx86 - ok
21:17:47.0296 1552 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:17:47.0312 1552 Avgrkx86 - ok
21:17:47.0328 1552 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:17:47.0328 1552 Avgtdix - ok
21:17:47.0468 1552 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
21:17:47.0468 1552 avgwd - ok
21:17:47.0578 1552 BBSvc (dbf43db0c648db9101d61041e00df5c4) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
21:17:47.0593 1552 BBSvc - ok
21:17:47.0750 1552 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:17:47.0843 1552 BCM43XX - ok
21:17:47.0859 1552 BCMWLNPF (8c31c9db77ed6143ad09dc5fd2c9d9cc) C:\WINDOWS\system32\drivers\bcmwlnpf.sys
21:17:47.0875 1552 BCMWLNPF - ok
21:17:47.0921 1552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:17:47.0921 1552 Beep - ok
21:17:48.0000 1552 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:17:48.0000 1552 BITS - ok
21:17:48.0312 1552 BNPagent (57f169b48f86d9ec3bc5f8bf1952b959) C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
21:17:48.0328 1552 BNPagent - ok
21:17:48.0578 1552 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:17:48.0593 1552 Browser - ok
21:17:48.0718 1552 buttonsvc32 (81a395aab3c606d5f1667cc5fc02b3d2) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
21:17:48.0718 1552 buttonsvc32 - ok
21:17:48.0796 1552 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:17:48.0796 1552 cbidf - ok
21:17:48.0796 1552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:17:48.0796 1552 cbidf2k - ok
21:17:48.0812 1552 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:17:48.0812 1552 cd20xrnt - ok
21:17:48.0843 1552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:17:48.0843 1552 Cdaudio - ok
21:17:48.0859 1552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:17:48.0875 1552 Cdfs - ok
21:17:48.0921 1552 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:17:48.0921 1552 Cdrom - ok
21:17:48.0937 1552 Changer - ok
21:17:48.0968 1552 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:17:48.0968 1552 CiSvc - ok
21:17:48.0984 1552 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:17:48.0984 1552 ClipSrv - ok
21:17:49.0093 1552 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:49.0156 1552 clr_optimization_v2.0.50727_32 - ok
21:17:49.0218 1552 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:17:49.0250 1552 clr_optimization_v4.0.30319_32 - ok
21:17:49.0312 1552 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:17:49.0328 1552 CmBatt - ok
21:17:49.0343 1552 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:17:49.0343 1552 CmdIde - ok
21:17:49.0390 1552 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:17:49.0390 1552 Compbatt - ok
21:17:49.0390 1552 COMSysApp - ok
21:17:49.0437 1552 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:17:49.0437 1552 Cpqarray - ok
21:17:49.0531 1552 Credential Vault Host Control Service (85d37efa93b2267ab6abf8a54735ab22) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
21:17:49.0531 1552 Credential Vault Host Control Service - ok
21:17:49.0546 1552 Credential Vault Host Storage (97ccce5d6e54a044636a6c7552fa59e5) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
21:17:49.0546 1552 Credential Vault Host Storage - ok
21:17:49.0593 1552 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:17:49.0593 1552 CryptSvc - ok
21:17:49.0609 1552 cvusbdrv (a95d9b8d882adf93ef40d7dc9b9bb508) C:\WINDOWS\system32\Drivers\cvusbdrv.sys
21:17:49.0609 1552 cvusbdrv - ok
21:17:49.0656 1552 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:17:49.0656 1552 dac2w2k - ok
21:17:49.0671 1552 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:17:49.0671 1552 dac960nt - ok
21:17:49.0734 1552 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:17:49.0734 1552 DcomLaunch - ok
21:17:49.0890 1552 dcpsysmgrsvc (eb8c5e4996f91808fb7ca297b903208b) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
21:17:49.0890 1552 dcpsysmgrsvc - ok
21:17:49.0984 1552 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:17:49.0984 1552 Dhcp - ok
21:17:50.0046 1552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:17:50.0046 1552 Disk - ok
21:17:50.0078 1552 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
21:17:50.0078 1552 DLABMFSM - ok
21:17:50.0125 1552 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
21:17:50.0125 1552 DLABOIOM - ok
21:17:50.0171 1552 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:17:50.0187 1552 DLACDBHM - ok
21:17:50.0187 1552 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
21:17:50.0203 1552 DLADResM - ok
21:17:50.0250 1552 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
21:17:50.0250 1552 DLAIFS_M - ok
21:17:50.0265 1552 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
21:17:50.0265 1552 DLAOPIOM - ok
21:17:50.0281 1552 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
21:17:50.0281 1552 DLAPoolM - ok
21:17:50.0296 1552 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
21:17:50.0296 1552 DLARTL_M - ok
21:17:50.0312 1552 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
21:17:50.0312 1552 DLAUDFAM - ok
21:17:50.0343 1552 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
21:17:50.0343 1552 DLAUDF_M - ok
21:17:50.0343 1552 dmadmin - ok
21:17:50.0406 1552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:17:50.0453 1552 dmboot - ok
21:17:50.0484 1552 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:17:50.0484 1552 dmio - ok
21:17:50.0484 1552 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:17:50.0484 1552 dmload - ok
21:17:50.0515 1552 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:17:50.0515 1552 dmserver - ok
21:17:50.0546 1552 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:17:50.0546 1552 DMusic - ok
21:17:50.0609 1552 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:17:50.0609 1552 Dnscache - ok
21:17:50.0656 1552 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:17:50.0656 1552 Dot3svc - ok
21:17:50.0671 1552 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:17:50.0671 1552 dpti2o - ok
21:17:50.0703 1552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:17:50.0703 1552 drmkaud - ok
21:17:50.0734 1552 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
21:17:50.0734 1552 DrvAgent32 - ok
21:17:50.0796 1552 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:17:50.0796 1552 DRVMCDB - ok
21:17:50.0812 1552 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:17:50.0828 1552 DRVNDDM - ok
21:17:50.0890 1552 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
21:17:50.0890 1552 e1yexpress - ok
21:17:50.0921 1552 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:17:50.0921 1552 EapHost - ok
21:17:50.0953 1552 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:17:50.0953 1552 ERSvc - ok
21:17:51.0015 1552 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:17:51.0015 1552 Eventlog - ok
21:17:51.0046 1552 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:17:51.0046 1552 EventSystem - ok
21:17:51.0093 1552 f5ipfw (c0b3a7198357d2e09b4b6130d45a0f71) C:\WINDOWS\system32\drivers\urfltw2k.sys
21:17:51.0093 1552 f5ipfw - ok
21:17:51.0140 1552 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:17:51.0140 1552 Fastfat - ok
21:17:51.0203 1552 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:17:51.0203 1552 FastUserSwitchingCompatibility - ok
21:17:51.0281 1552 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
21:17:51.0281 1552 Fax - ok
21:17:51.0281 1552 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:17:51.0296 1552 Fdc - ok
21:17:51.0312 1552 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:17:51.0312 1552 Fips - ok
21:17:51.0312 1552 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:17:51.0312 1552 Flpydisk - ok
21:17:51.0343 1552 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:17:51.0359 1552 FltMgr - ok
21:17:51.0640 1552 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:17:51.0640 1552 FontCache3.0.0.0 - ok
21:17:51.0671 1552 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:17:51.0671 1552 Fs_Rec - ok
21:17:51.0734 1552 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:17:51.0734 1552 Ftdisk - ok
21:17:51.0796 1552 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:17:51.0796 1552 Gpc - ok
21:17:52.0015 1552 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:17:52.0015 1552 gupdate - ok
21:17:52.0015 1552 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:17:52.0015 1552 gupdatem - ok
21:17:52.0109 1552 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:17:52.0109 1552 gusvc - ok
21:17:52.0171 1552 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:17:52.0171 1552 HDAudBus - ok
21:17:52.0421 1552 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:17:52.0421 1552 helpsvc - ok
21:17:52.0468 1552 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:17:52.0468 1552 HidServ - ok
21:17:52.0515 1552 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:17:52.0515 1552 hidusb - ok
21:17:52.0546 1552 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:17:52.0546 1552 hkmsvc - ok
21:17:52.0562 1552 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:17:52.0562 1552 hpn - ok
21:17:52.0687 1552 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:17:52.0687 1552 hpqcxs08 - ok
21:17:52.0750 1552 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:17:52.0750 1552 hpqddsvc - ok
21:17:52.0812 1552 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:17:52.0828 1552 HPSLPSVC - ok
21:17:52.0890 1552 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:17:52.0890 1552 HPZid412 - ok
21:17:52.0921 1552 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:17:52.0921 1552 HPZipr12 - ok
21:17:52.0937 1552 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:17:52.0937 1552 HPZius12 - ok
21:17:53.0000 1552 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:17:53.0000 1552 HTTP - ok
21:17:53.0046 1552 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:17:53.0046 1552 HTTPFilter - ok
21:17:53.0109 1552 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:17:53.0109 1552 i2omgmt - ok
21:17:53.0140 1552 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:17:53.0140 1552 i2omp - ok
21:17:53.0187 1552 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:17:53.0187 1552 i8042prt - ok
21:17:53.0359 1552 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:17:53.0375 1552 IAANTMON - ok
21:17:53.0828 1552 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:17:54.0046 1552 ialm - ok
21:17:54.0265 1552 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys
21:17:54.0265 1552 iaStor - ok
21:17:54.0406 1552 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:17:54.0421 1552 idsvc - ok
21:17:54.0468 1552 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:17:54.0468 1552 Imapi - ok
21:17:54.0500 1552 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:17:54.0500 1552 ImapiService - ok
21:17:54.0531 1552 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:17:54.0531 1552 ini910u - ok
21:17:54.0578 1552 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys
21:17:54.0578 1552 IntcHdmiAddService - ok
21:17:54.0609 1552 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:17:54.0609 1552 IntelIde - ok
21:17:54.0640 1552 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:17:54.0671 1552 intelppm - ok
21:17:54.0750 1552 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:17:54.0796 1552 Ip6Fw - ok
21:17:54.0796 1552 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:17:54.0812 1552 IpFilterDriver - ok
21:17:54.0828 1552 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:17:54.0828 1552 IpInIp - ok
21:17:54.0859 1552 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:17:54.0875 1552 IpNat - ok
21:17:54.0890 1552 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:17:54.0890 1552 IPSec - ok
21:17:54.0906 1552 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:17:54.0906 1552 IRENUM - ok
21:17:55.0015 1552 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:17:55.0015 1552 isapnp - ok
21:17:55.0187 1552 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
21:17:55.0187 1552 JavaQuickStarterService - ok
21:17:55.0250 1552 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:17:55.0250 1552 Kbdclass - ok
21:17:55.0312 1552 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:17:55.0312 1552 kbdhid - ok
21:17:55.0453 1552 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:17:55.0453 1552 kmixer - ok
21:17:55.0500 1552 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:17:55.0500 1552 KSecDD - ok
21:17:55.0578 1552 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:17:55.0578 1552 LanmanServer - ok
21:17:55.0640 1552 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:17:55.0640 1552 lanmanworkstation - ok
21:17:55.0890 1552 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
21:17:55.0906 1552 Lavasoft Ad-Aware Service - ok
21:17:56.0015 1552 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
21:17:56.0015 1552 Lavasoft Kernexplorer - ok
21:17:56.0140 1552 lbrtfdc - ok
21:17:56.0203 1552 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:17:56.0203 1552 LmHosts - ok
21:17:56.0234 1552 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
21:17:56.0234 1552 MBAMProtector - ok
21:17:56.0312 1552 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:17:56.0312 1552 MBAMService - ok
21:17:56.0359 1552 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:17:56.0359 1552 Messenger - ok
21:17:56.0453 1552 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:17:56.0453 1552 Microsoft Office Groove Audit Service - ok
21:17:56.0500 1552 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:17:56.0500 1552 mnmdd - ok
21:17:56.0546 1552 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:17:56.0546 1552 mnmsrvc - ok
21:17:56.0562 1552 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:17:56.0562 1552 Modem - ok
21:17:56.0593 1552 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:17:56.0593 1552 Mouclass - ok
21:17:56.0609 1552 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:17:56.0609 1552 mouhid - ok
21:17:56.0625 1552 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:17:56.0625 1552 MountMgr - ok
21:17:56.0656 1552 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:17:56.0671 1552 mraid35x - ok
21:17:56.0718 1552 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:17:56.0750 1552 MRxDAV - ok
21:17:56.0828 1552 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:17:56.0843 1552 MRxSmb - ok
21:17:56.0906 1552 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:17:56.0906 1552 MSDTC - ok
21:17:56.0906 1552 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:17:56.0906 1552 Msfs - ok
21:17:56.0906 1552 MSIServer - ok
21:17:56.0937 1552 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:17:56.0937 1552 MSKSSRV - ok
21:17:56.0953 1552 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:17:56.0953 1552 MSPCLOCK - ok
21:17:56.0968 1552 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:17:56.0968 1552 MSPQM - ok
21:17:57.0000 1552 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:17:57.0000 1552 mssmbios - ok
21:17:57.0046 1552 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:17:57.0062 1552 Mup - ok
21:17:57.0125 1552 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:17:57.0140 1552 napagent - ok
21:17:57.0187 1552 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:17:57.0203 1552 NDIS - ok
21:17:57.0250 1552 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:17:57.0265 1552 NdisTapi - ok
21:17:57.0281 1552 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:17:57.0281 1552 Ndisuio - ok
21:17:57.0296 1552 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:17:57.0296 1552 NdisWan - ok
21:17:57.0359 1552 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:17:57.0359 1552 NDProxy - ok
21:17:57.0421 1552 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
21:17:57.0421 1552 Net Driver HPZ12 - ok
21:17:57.0437 1552 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:17:57.0437 1552 NetBIOS - ok
21:17:57.0468 1552 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:17:57.0484 1552 NetBT - ok
21:17:57.0546 1552 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:17:57.0578 1552 NetDDE - ok
21:17:57.0578 1552 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:17:57.0578 1552 NetDDEdsdm - ok
21:17:57.0593 1552 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:17:57.0593 1552 Netlogon - ok
21:17:57.0640 1552 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:17:57.0656 1552 Netman - ok
21:17:57.0781 1552 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:17:57.0781 1552 NetTcpPortSharing - ok
21:17:57.0796 1552 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:17:57.0812 1552 NIC1394 - ok
21:17:57.0875 1552 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:17:57.0875 1552 Nla - ok
21:17:57.0937 1552 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:17:57.0937 1552 Npfs - ok
21:17:58.0046 1552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:17:58.0062 1552 Ntfs - ok
21:17:58.0109 1552 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:17:58.0109 1552 NtLmSsp - ok
21:17:58.0171 1552 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:17:58.0187 1552 NtmsSvc - ok
21:17:58.0218 1552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:17:58.0218 1552 Null - ok
21:17:58.0218 1552 NvtSp50 - ok
21:17:58.0281 1552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:17:58.0281 1552 NwlnkFlt - ok
21:17:58.0296 1552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:17:58.0296 1552 NwlnkFwd - ok
21:17:58.0453 1552 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:17:58.0484 1552 odserv - ok
21:17:58.0546 1552 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:17:58.0546 1552 ohci1394 - ok
21:17:58.0609 1552 ose (99bf0b1bcadf83102cbbbea4d0d22732) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:17:58.0609 1552 ose - ok
21:17:58.0656 1552 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:17:58.0656 1552 Parport - ok
21:17:58.0671 1552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:17:58.0671 1552 PartMgr - ok
21:17:58.0687 1552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:17:58.0687 1552 ParVdm - ok
21:17:58.0718 1552 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
21:17:58.0718 1552 PBADRV - ok
21:17:58.0765 1552 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
21:17:58.0765 1552 PCASp50 - ok
21:17:58.0843 1552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:17:58.0843 1552 PCI - ok
21:17:58.0843 1552 PCIDump - ok
21:17:58.0859 1552 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:17:58.0859 1552 PCIIde - ok
21:17:58.0890 1552 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:17:58.0937 1552 Pcmcia - ok
21:17:58.0937 1552 PDCOMP - ok
21:17:58.0937 1552 PDFRAME - ok
21:17:58.0937 1552 PDRELI - ok
21:17:58.0937 1552 PDRFRAME - ok
21:17:58.0968 1552 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:17:58.0984 1552 perc2 - ok
21:17:59.0000 1552 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:17:59.0000 1552 perc2hib - ok
21:17:59.0046 1552 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:17:59.0046 1552 PlugPlay - ok
21:17:59.0093 1552 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
21:17:59.0093 1552 Pml Driver HPZ12 - ok
21:17:59.0156 1552 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:17:59.0156 1552 PolicyAgent - ok
21:17:59.0218 1552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:17:59.0218 1552 PptpMiniport - ok
21:17:59.0218 1552 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:17:59.0218 1552 ProtectedStorage - ok
21:17:59.0234 1552 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:17:59.0234 1552 PSched - ok
21:17:59.0265 1552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:17:59.0265 1552 Ptilink - ok
21:17:59.0421 1552 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:17:59.0421 1552 PxHelp20 - ok
21:17:59.0453 1552 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:17:59.0453 1552 ql1080 - ok
21:17:59.0468 1552 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:17:59.0468 1552 Ql10wnt - ok
21:17:59.0484 1552 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:17:59.0500 1552 ql12160 - ok
21:17:59.0500 1552 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:17:59.0500 1552 ql1240 - ok
21:17:59.0515 1552 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:17:59.0531 1552 ql1280 - ok
21:17:59.0578 1552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:17:59.0593 1552 RasAcd - ok
21:17:59.0640 1552 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:17:59.0640 1552 RasAuto - ok
21:17:59.0671 1552 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:17:59.0687 1552 Rasl2tp - ok
21:17:59.0765 1552 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:17:59.0765 1552 RasMan - ok
21:17:59.0781 1552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:17:59.0781 1552 RasPppoe - ok
21:17:59.0843 1552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:17:59.0843 1552 Raspti - ok
21:17:59.0890 1552 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:17:59.0890 1552 Rdbss - ok
21:17:59.0906 1552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:17:59.0921 1552 RDPCDD - ok
21:17:59.0953 1552 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:17:59.0984 1552 rdpdr - ok
21:18:00.0046 1552 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:18:00.0046 1552 RDPWD - ok
21:18:00.0078 1552 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:18:00.0093 1552 RDSessMgr - ok
21:18:00.0125 1552 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:18:00.0125 1552 redbook - ok
21:18:00.0171 1552 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:18:00.0171 1552 RemoteAccess - ok
21:18:00.0203 1552 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:18:00.0203 1552 RemoteRegistry - ok
21:18:00.0265 1552 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:18:00.0265 1552 rimmptsk - ok
21:18:00.0296 1552 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:18:00.0296 1552 RpcLocator - ok
21:18:00.0343 1552 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:18:00.0343 1552 RpcSs - ok
21:18:00.0406 1552 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:18:00.0421 1552 RSVP - ok
21:18:00.0437 1552 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:18:00.0437 1552 SamSs - ok
21:18:00.0453 1552 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:18:00.0453 1552 SCardSvr - ok
21:18:00.0484 1552 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:18:00.0484 1552 Schedule - ok
21:18:00.0531 1552 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:18:00.0546 1552 sdbus - ok
21:18:00.0781 1552 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
21:18:00.0781 1552 SeaPort - ok
21:18:00.0812 1552 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:18:00.0812 1552 Secdrv - ok
21:18:00.0859 1552 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:18:00.0859 1552 seclogon - ok
21:18:01.0031 1552 SecureStorageService (27d53cd650cc77123faf2f07023dabc7) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
21:18:01.0125 1552 SecureStorageService - ok
21:18:01.0187 1552 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:18:01.0187 1552 SENS - ok
21:18:01.0218 1552 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:18:01.0234 1552 Serial - ok
21:18:01.0281 1552 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:18:01.0281 1552 Sfloppy - ok
21:18:01.0359 1552 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:18:01.0359 1552 SharedAccess - ok
21:18:01.0406 1552 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:18:01.0421 1552 ShellHWDetection - ok
21:18:01.0421 1552 Simbad - ok
21:18:01.0453 1552 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:18:01.0453 1552 sisagp - ok
21:18:01.0562 1552 SMManager (2946f121562dfa6d3372472a79e8a9f3) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
21:18:01.0562 1552 SMManager - ok
21:18:01.0593 1552 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:18:01.0593 1552 Sparrow - ok
21:18:01.0656 1552 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:18:01.0671 1552 splitter - ok
21:18:01.0812 1552 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:18:01.0812 1552 Spooler - ok
21:18:01.0828 1552 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:18:01.0828 1552 sr - ok
21:18:01.0890 1552 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:18:01.0906 1552 srservice - ok
21:18:01.0984 1552 SRS_PremiumSound_Service (584477fdfa731af4635f5875c6b52531) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
21:18:01.0984 1552 SRS_PremiumSound_Service - ok
21:18:02.0093 1552 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:18:02.0109 1552 Srv - ok
21:18:02.0156 1552 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:18:02.0171 1552 SSDPSRV - ok
21:18:02.0234 1552 STacSV (3603f3db9fba2a8fa91829681ba25afa) c:\drivers\audio\r213367\stacsv.exe
21:18:02.0234 1552 STacSV - ok
21:18:02.0296 1552 Steam Client Service - ok
21:18:02.0437 1552 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys
21:18:02.0468 1552 STHDA - ok
21:18:02.0625 1552 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:18:02.0625 1552 StillCam - ok
21:18:02.0671 1552 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:18:02.0671 1552 stisvc - ok
21:18:02.0812 1552 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:18:02.0812 1552 stllssvr - ok
21:18:02.0859 1552 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:18:02.0859 1552 swenum - ok
21:18:02.0906 1552 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:18:02.0921 1552 swmidi - ok
21:18:02.0921 1552 SwPrv - ok
21:18:02.0953 1552 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:18:02.0953 1552 symc810 - ok
21:18:02.0968 1552 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:18:02.0968 1552 symc8xx - ok
21:18:02.0984 1552 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:18:02.0984 1552 sym_hi - ok
21:18:02.0984 1552 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:18:02.0984 1552 sym_u3 - ok
21:18:03.0015 1552 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:18:03.0015 1552 sysaudio - ok
21:18:03.0062 1552 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:18:03.0062 1552 SysmonLog - ok
21:18:03.0125 1552 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:18:03.0125 1552 TapiSrv - ok
21:18:03.0218 1552 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:18:03.0234 1552 Tcpip - ok
21:18:03.0421 1552 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
21:18:03.0421 1552 tcsd_win32.exe - ok
21:18:03.0703 1552 TdmService (d228907c9623888bbcfd94617385e3c4) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
21:18:03.0718 1552 TdmService - ok
21:18:03.0968 1552 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:18:03.0968 1552 TDPIPE - ok
21:18:03.0984 1552 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:18:03.0984 1552 TDTCP - ok
21:18:04.0031 1552 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:18:04.0031 1552 TermDD - ok
21:18:04.0093 1552 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:18:04.0093 1552 TermService - ok
21:18:04.0140 1552 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:18:04.0140 1552 Themes - ok
21:18:04.0171 1552 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:18:04.0171 1552 TlntSvr - ok
21:18:04.0187 1552 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:18:04.0203 1552 TosIde - ok
21:18:04.0218 1552 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:18:04.0218 1552 TrkWks - ok
21:18:04.0265 1552 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:18:04.0265 1552 Udfs - ok
21:18:04.0312 1552 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:18:04.0312 1552 ultra - ok
21:18:04.0375 1552 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:18:04.0390 1552 Update - ok
21:18:04.0453 1552 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:18:04.0468 1552 upnphost - ok
21:18:04.0500 1552 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:18:04.0500 1552 UPS - ok
21:18:04.0546 1552 urvpndrv (31f420b33463590ccbeb8d43ad9ddc11) C:\WINDOWS\system32\DRIVERS\covpndrv.sys
21:18:04.0546 1552 urvpndrv - ok
21:18:04.0593 1552 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:18:04.0609 1552 usbaudio - ok
21:18:04.0656 1552 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:18:04.0656 1552 usbccgp - ok
21:18:04.0687 1552 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
21:18:04.0687 1552 USBCCID - ok
21:18:04.0750 1552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:18:04.0750 1552 usbehci - ok
21:18:04.0812 1552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:18:04.0812 1552 usbhub - ok
21:18:04.0875 1552 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:18:04.0875 1552 usbprint - ok
21:18:04.0890 1552 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:18:04.0906 1552 usbscan - ok
21:18:04.0921 1552 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:18:04.0937 1552 USBSTOR - ok
21:18:05.0000 1552 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:18:05.0000 1552 usbuhci - ok
21:18:05.0062 1552 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:18:05.0062 1552 VgaSave - ok
21:18:05.0093 1552 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:18:05.0093 1552 viaagp - ok
21:18:05.0109 1552 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:18:05.0109 1552 ViaIde - ok
21:18:05.0281 1552 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:18:05.0281 1552 VolSnap - ok
21:18:05.0343 1552 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:18:05.0359 1552 VSS - ok
21:18:05.0687 1552 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
21:18:05.0703 1552 vToolbarUpdater11.2.0 - ok
21:18:05.0875 1552 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:18:05.0890 1552 w32time - ok
21:18:06.0015 1552 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:18:06.0031 1552 Wanarp - ok
21:18:06.0359 1552 WavxDMgr (f9cea286b0f8311be823d071eabdf6e0) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
21:18:06.0359 1552 WavxDMgr - ok
21:18:06.0437 1552 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:18:06.0437 1552 Wdf01000 - ok
21:18:06.0453 1552 WDICA - ok
21:18:06.0500 1552 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:18:06.0500 1552 wdmaud - ok
21:18:06.0562 1552 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:18:06.0562 1552 WebClient - ok
21:18:06.0875 1552 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:18:06.0890 1552 winmgmt - ok
21:18:06.0906 1552 wltrysvc - ok
21:18:06.0953 1552 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:18:06.0968 1552 WmdmPmSN - ok
21:18:07.0046 1552 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:18:07.0062 1552 Wmi - ok
21:18:07.0125 1552 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:18:07.0140 1552 WmiAcpi - ok
21:18:07.0187 1552 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:18:07.0203 1552 WmiApSrv - ok
21:18:07.0375 1552 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:18:07.0421 1552 WMPNetworkSvc - ok
21:18:07.0453 1552 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:18:07.0453 1552 WpdUsb - ok
21:18:07.0750 1552 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:18:07.0781 1552 WPFFontCache_v0400 - ok
21:18:07.0828 1552 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:18:07.0828 1552 wscsvc - ok
21:18:07.0828 1552 WSearch - ok
21:18:07.0843 1552 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:18:07.0859 1552 wuauserv - ok
21:18:08.0109 1552 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:18:08.0109 1552 WudfPf - ok
21:18:08.0140 1552 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:18:08.0140 1552 WudfRd - ok
21:18:08.0187 1552 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:18:08.0187 1552 WudfSvc - ok
21:18:08.0234 1552 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:18:08.0250 1552 WZCSVC - ok
21:18:08.0312 1552 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:18:08.0328 1552 xmlprov - ok
21:18:08.0390 1552 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
21:18:08.0390 1552 xusb21 - ok
21:18:08.0421 1552 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:18:08.0828 1552 \Device\Harddisk0\DR0 - ok
21:18:08.0828 1552 Boot (0x1200) (94bd6535fa524fadda2a7b8328dfbb2c) \Device\Harddisk0\DR0\Partition0
21:18:08.0828 1552 \Device\Harddisk0\DR0\Partition0 - ok
21:18:08.0828 1552 ============================================================
21:18:08.0828 1552 Scan finished
21:18:08.0828 1552 ============================================================
21:18:08.0843 2892 Detected object count: 0
21:18:08.0843 2892 Actual detected object count: 0



On two separate occasions, I attempted to complete the other scan (aswMBR). On both occasions, after the scan was over, I was unable to do anything but shut off my computer, so I could not save the log. I am still having all of the original problems.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 06 August 2012 - 07:04 AM

Let's see if you can get a MBR log from this tool.
Please download MBRCheck.exe and save it to your desktop - not a folder on the desktop - save it directly to the desktop.


* Be sure to disable your security programs.
* Double-click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
* A window will open on your desktop.
* If an unknown bootcode is found, you will have further options available to you; at this time, press N, then press Enter twice.
* If nothing unusual is found, just press Enter.
* A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
* In your next reply, please include the log from MBRChecker.
====


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Please post the logs for my review.

#9 richajx09

richajx09
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 06 August 2012 - 08:28 PM

Here is the MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200000c

Kernel Drivers (total 153):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA328000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA670000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9E2A000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E0A000 fltMgr.sys
0xB9DF8000 sr.sys
0xBA5AC000 DLACDBHM.SYS
0xB9DE1000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9DCA000 KSecDD.sys
0xB9DB7000 WudfPf.sys
0xB9D2A000 Ntfs.sys
0xB9CFD000 NDIS.sys
0xBA108000 PBADRV.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CE3000 Mup.sys
0xBA330000 avgrkx86.sys
0xBA4C8000 avgidshx.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA158000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA168000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA178000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9C3F000 \SystemRoot\system32\DRIVERS\ks.sys
0xB831F000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB830B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB82CD000 \SystemRoot\system32\DRIVERS\e1y5132.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB82A9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8281000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8146000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB8132000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB8121000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB80F4000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB8078000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB5C57000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB5C4F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB9C76000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9C72000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB6302000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB46A4000 \SystemRoot\system32\drivers\srs_PremiumSound_i386.sys
0xB5A2C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB62F2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA574000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB468D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB62E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB62D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB5C47000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB467C000 \SystemRoot\system32\DRIVERS\psched.sys
0xB62C2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB5C3F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB5C37000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB5C2F000 \SystemRoot\system32\DRIVERS\covpndrv.sys
0xB464C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB62B2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA640000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB2FDC000 \SystemRoot\system32\DRIVERS\update.sys
0xB3D23000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9ADB0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9ADA0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9BD11000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x997D7000 \SystemRoot\system32\drivers\sthda.sys
0x997B3000 \SystemRoot\system32\drivers\portcls.sys
0x9AD90000 \SystemRoot\system32\drivers\drmk.sys
0x99797000 \SystemRoot\system32\drivers\AESTAud.sys
0x99777000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x9B075000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0x9AD80000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x9AC6C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9B95B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9B19D000 \SystemRoot\System32\Drivers\Null.SYS
0x9B959000 \SystemRoot\System32\Drivers\Beep.SYS
0x9AC5C000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x9AC54000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9AC4C000 \SystemRoot\System32\drivers\vga.sys
0x9B957000 \SystemRoot\System32\Drivers\mnmdd.SYS
0x9B955000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9AC44000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9AC3C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9B069000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x99744000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x996EB000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x996A3000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x9967D000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x99655000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9AD70000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x99633000 \SystemRoot\System32\drivers\afd.sys
0x9AD60000 \SystemRoot\system32\DRIVERS\arp1394.sys
0x9AD50000 \SystemRoot\system32\DRIVERS\netbios.sys
0x99608000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x99598000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9AD40000 \SystemRoot\System32\Drivers\Fips.SYS
0x99560000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x9A0EB000 \SystemRoot\System32\Drivers\cvusbdrv.sys
0x9A0DB000 \SystemRoot\system32\DRIVERS\usbccid.sys
0x9A402000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xB89AC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x99485000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9C7E000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA468000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7E8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF2E8000 \SystemRoot\System32\igxpdx32.DLL
0xBF691000 \SystemRoot\System32\ATMFD.DLL
0x99413000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0xB2DBE000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0x99942000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x9A167000 \SystemRoot\System32\Drivers\DLADResM.SYS
0x993FA000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0xB7E92000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0xAEDF0000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0xB7E8A000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0xB7E82000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0x993E4000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0x993CD000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0xB76CC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x99318000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA268000 \SystemRoot\system32\drivers\sysaudio.sys
0x9917D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x99021000 \SystemRoot\system32\DRIVERS\avgidsshimx.sys
0xB4C8A000 \SystemRoot\system32\drivers\bcmwlnpf.sys
0x9892D000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA388000 \SystemRoot\system32\DRIVERS\avgidsfilterx.sys
0x973A1000 \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
0xB5983000 \SystemRoot\System32\Drivers\PCASp50.sys
0x97158000 \SystemRoot\System32\Drivers\HTTP.sys
0x97084000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB0F90000 \SystemRoot\system32\DRIVERS\serscan.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 95):
0 System Idle Process
4 System
876 C:\WINDOWS\system32\smss.exe
976 csrss.exe
1000 C:\WINDOWS\system32\winlogon.exe
1044 C:\WINDOWS\system32\services.exe
1056 C:\WINDOWS\system32\lsass.exe
1264 C:\WINDOWS\system32\svchost.exe
1312 svchost.exe
1356 C:\WINDOWS\system32\svchost.exe
1396 C:\WINDOWS\system32\svchost.exe
1452 svchost.exe
1540 svchost.exe
1752 C:\WINDOWS\system32\WLTRYSVC.EXE
1808 C:\WINDOWS\system32\BCMWLTRY.EXE
1952 C:\WINDOWS\system32\spoolsv.exe
328 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
348 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
364 scardsvr.exe
520 svchost.exe
688 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
768 wmiprvse.exe
1432 C:\Program Files\Google\Update\GoogleUpdate.exe
1576 C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
1652 C:\Program Files\Intel\ASF Agent\ASFAgent.exe
1672 C:\WINDOWS\explorer.exe
1864 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
2204 C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
2384 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
2604 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
2684 C:\Program Files\AVG\AVG2012\avgnsx.exe
2752 igfxext.exe
2820 igfxsrvc.exe
2948 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
3080 C:\WINDOWS\system32\svchost.exe
3116 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
3164 C:\WINDOWS\system32\svchost.exe
3220 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3268 C:\Program Files\Java\jre6\bin\jqs.exe
3572 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3576 C:\Program Files\DellTPad\Apoint.exe
3584 C:\Program Files\IDT\WDM\sttray.exe
3616 C:\WINDOWS\system32\AESTFltr.exe
3676 C:\WINDOWS\system32\hkcmd.exe
3692 C:\WINDOWS\system32\igfxpers.exe
3720 C:\WINDOWS\system32\svchost.exe
3724 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3776 C:\WINDOWS\system32\igfxsrvc.exe
3784 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
3800 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
3840 C:\WINDOWS\system32\svchost.exe
3876 C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
3888 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
3892 C:\Program Files\DellTPad\ApMsgFwd.exe
3924 C:\WINDOWS\system32\WLTRAY.EXE
3940 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
4000 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
4024 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
4040 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4068 C:\Program Files\DellTPad\hidfind.exe
4072 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
4080 C:\Program Files\DellTPad\ApntEx.exe
208 C:\WINDOWS\system32\svchost.exe
332 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
656 C:\Program Files\AVG\AVG2012\avgtray.exe
668 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
968 C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
1376 C:\Program Files\Ask.com\Updater\Updater.exe
1476 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1532 C:\Program Files\AVG Secure Search\vprot.exe
300 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
2084 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2128 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
2144 C:\WINDOWS\system32\ctfmon.exe
2244 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2280 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
1624 C:\WINDOWS\system32\searchindexer.exe
2984 C:\Program Files\Steam\Steam.exe
3436 C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
4264 C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
4388 C:\Program Files\AVG\AVG2012\avgidsagent.exe
5876 C:\Program Files\Google\Update\GoogleUpdate.exe
5452 alg.exe
4360 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
5256 unsecapp.exe
4620 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3856 C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2160 C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3444 C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4284 C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
6068 C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4200 C:\WINDOWS\system32\searchprotocolhost.exe
5440 searchfilterhost.exe
1024 C:\Documents and Settings\Jared Richard\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2804 C:\Documents and Settings\Jared Richard\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0bc43000 (NTFS)

PhysicalDrive0 Model Number: ST9160314AS, Rev: 0003DEM1

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!



I tried 3 times and was unable to get a ComboFix log.
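The MBRCheck output above lists every process as "PID path" but, as the log shows, some entries carry no path at all (csrss.exe, several svchost.exe) and some image names run from more than one location (GoogleUpdate.exe from Program Files and from the user profile). The following Python script is an added triage example, not part of the poster's log or of MBRCheck itself: it parses that "Processes" section and flags the three things a responder checks first in such a list: processes whose image path could not be resolved, processes running from user-profile or download directories, and one image name running from several locations. The sample block is constructed from a few lines of the log in this thread with the user name replaced by a placeholder.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in the "PID  path" shape MBRCheck prints under
# "Processes"; the lines are excerpted from the log in this thread with
# the account name replaced by "User".
SAMPLE = """\
Processes (total 95):
0 System Idle Process
4 System
876 C:\\WINDOWS\\system32\\smss.exe
976 csrss.exe
1264 C:\\WINDOWS\\system32\\svchost.exe
1312 svchost.exe
1432 C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
3436 C:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe
2804 C:\\Documents and Settings\\User\\My Documents\\Downloads\\MBRCheck.exe

\\\\.\\C: --> \\\\.\\PhysicalDrive0 at offset 0x00000000`0bc43000 (NTFS)
"""

LINE_RE = re.compile(r"^(\d+)\s+(.+?)\s*$")

# Directory fragments that legitimate services rarely run from on XP;
# a hit is a reason to look closer, not proof of anything.
USER_DIRS = (
    "\\local settings\\application data\\",
    "\\application data\\",
    "\\downloads\\",
    "\\temp\\",
)


class Proc(NamedTuple):
    pid: int
    image: str            # lower-cased file name
    path: Optional[str]   # None when MBRCheck printed only the image name


def parse_processes(text: str) -> List[Proc]:
    """Extract the 'Processes' section of an MBRCheck log into Proc records."""
    procs: List[Proc] = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("Processes"):
            in_section = True
            continue
        if not in_section:
            continue
        if not line.strip():          # blank line ends the section
            break
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, rest = int(m.group(1)), m.group(2)
        if "\\" in rest:
            procs.append(Proc(pid, rest.rsplit("\\", 1)[1].lower(), rest))
        else:
            procs.append(Proc(pid, rest.lower(), None))
    return procs


def triage(procs: List[Proc]) -> List[Tuple[int, str, str]]:
    """Return (pid, image, reason) for every entry worth a second look."""
    findings: List[Tuple[int, str, str]] = []
    locations = {}
    for p in procs:
        if p.path:
            locations.setdefault(p.image, set()).add(p.path.lower())
    for p in procs:
        if p.pid in (0, 4):            # kernel pseudo-processes, never have a path
            continue
        if p.path is None:
            findings.append((p.pid, p.image, "no image path resolved"))
            continue
        if any(d in p.path.lower() for d in USER_DIRS):
            findings.append((p.pid, p.image, "runs from user-profile directory"))
    for image, paths in locations.items():
        if len(paths) > 1:
            findings.append((0, image, f"same image name from {len(paths)} locations"))
    return findings


if __name__ == "__main__":
    for pid, image, reason in triage(parse_processes(SAMPLE)):
        print(f"{pid:>5}  {image:<20} {reason}")
```

An unresolved path in this tool's output usually just means the process was protected from the scanner's query, so the "no image path resolved" entries are a prompt to verify the binary by other means rather than an indicator on their own.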

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 07 August 2012 - 08:08 AM

Try this one.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===
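The /md5start ... /md5stop block in the OTL directives above asks the tool to hash a list of system files that malware commonly patches (userinit.exe, atapi.sys, ntfs.sys and so on) so the hashes can be compared with known-good values. The Python script below is an added example of that integrity-baseline technique; it is not OTL's code and does not read OTL's output. It walks a root directory for every copy of the watched names, records an MD5 per path as a baseline, and on a later run reports changed hashes, new copies and missing files. The demo() function builds a constructed stand-in for %systemroot% in a temporary directory, since the script is meant to be run offline.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# Subset of the file names from the OTL /md5start list in this thread.
WATCHED = ["explorer.exe", "svchost.exe", "userinit.exe",
           "kernel32.dll", "atapi.sys", "ntfs.sys"]


def hash_file(path: str, algo: str = "md5") -> str:
    """Hex digest of a file, read in chunks so large binaries don't load into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_files(root: str, names: List[str]) -> Dict[str, List[str]]:
    """Locate every copy of each watched name under root (case-insensitive, like NTFS)."""
    wanted = {n.lower() for n in names}
    found: Dict[str, List[str]] = {n: [] for n in wanted}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                found[fn.lower()].append(os.path.join(dirpath, fn))
    return found


def build_baseline(root: str, names: List[str]) -> Dict[str, str]:
    """Map each located path to its digest; this is the known-good snapshot."""
    return {p: hash_file(p)
            for paths in find_files(root, names).values()
            for p in paths}


def compare(root: str, names: List[str], baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, status) for every deviation from the baseline."""
    findings: List[Tuple[str, str]] = []
    current = build_baseline(root, names)
    for path, digest in current.items():
        if path not in baseline:
            findings.append((path, "new copy not in baseline"))
        elif baseline[path] != digest:
            findings.append((path, "hash changed"))
    for path in baseline:
        if path not in current:
            findings.append((path, "missing"))
    return findings


def demo() -> Tuple[int, List[Tuple[str, str]], List[str]]:
    """Constructed scenario: snapshot a fake system root, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        drivers = os.path.join(root, "system32", "drivers")
        os.makedirs(drivers)
        with open(os.path.join(root, "explorer.exe"), "wb") as f:
            f.write(b"explorer-v1")
        with open(os.path.join(drivers, "atapi.sys"), "wb") as f:
            f.write(b"atapi-v1")

        baseline = build_baseline(root, WATCHED)
        clean = compare(root, WATCHED, baseline)       # expected: no findings

        # Simulate a patched driver and a rogue copy of a system binary.
        with open(os.path.join(drivers, "atapi.sys"), "wb") as f:
            f.write(b"atapi-patched")
        with open(os.path.join(root, "svchost.exe"), "wb") as f:
            f.write(b"rogue")
        tampered = compare(root, WATCHED, baseline)
        return len(baseline), clean, sorted(status for _, status in tampered)


if __name__ == "__main__":
    print(demo())
```

MD5 is used only because that is what the OTL directive reports; for a baseline you keep over time, pass algo="sha256" to hash_file, and store the baseline somewhere the machine being checked cannot modify.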

#11 richajx09

richajx09
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:08 AM

Posted 07 August 2012 - 05:05 PM

I tried the OTL scan twice and got the same error both times:
Access violation at address 0052C053 in module 'otl.exe'. Read of address 00000000.

Also, I now cannot run programs the way I was because when I right click on a shortcut, the "Run as" option is not there for some reason. I have to go into the Program Files folder to run anything.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 08 August 2012 - 07:34 AM

I suggest you run Rkill again and without restarting the computer run any of the tools I suggested.

Post any log that you may be able to generate.

If that fails,

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Keep me posted.

#13 richajx09

richajx09
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:08 AM

Posted 09 August 2012 - 12:25 PM

I was still unable to get a log from OTL and Combofix. Here is the ESETscan log:

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP507\A0144899.dll Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP508\A0147603.exe a variant of Win32/Adware.AdvPCTweak application cleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP510\A0151987.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 09 August 2012 - 01:26 PM

Can you run OTL in safe mode and post the log?

#15 richajx09

richajx09
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:08 AM

Posted 10 August 2012 - 07:49 PM

I ran OTL in safe mode and got the same error as before.
