Internet VERY slow. Please check dds log.


  • This topic is locked
26 replies to this topic

#1 mediamom

mediamom

  • Members
  • 74 posts

Posted 30 July 2012 - 08:51 PM

I am working on an XP machine (my LAST family member to help this summer!). The internet has become very, very slow. MBAM was run a couple of weeks ago and removed several malware entries. However, it is still slow. I think I found the originating problem: java had not been updated in several years! YIKES! So I'm sure it's chock full of malware hiding in places. Can you please help?
Here is the DDS log:

THANKS!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Sharon at 20:43:05 on 2012-07-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.122 [GMT -5:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\sharon\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{EE718193-D76D-4496-9930-0953BD4A6384} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-7 655944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-7 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
.
=============== Created Last 30 ================
.
2012-07-31 01:10:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-31 01:10:13 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-31 01:10:12 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-31 00:29:44 -------- d-----w- c:\program files\VS Revo Group
2012-07-30 23:44:53 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-07-30 23:44:53 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-07-30 23:44:51 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-07-30 23:44:51 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-07-30 23:44:39 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-07-30 23:44:39 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-07-07 15:44:07 -------- d-----w- c:\documents and settings\sharon\application data\Malwarebytes
2012-07-07 15:42:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-07 15:42:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-07 15:42:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-07-27 01:10:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 01:10:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 20:44:47.35 ===============



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,739 posts
  • Gender:Male

Posted 04 August 2012 - 08:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463177 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts

Posted 04 August 2012 - 11:03 PM

I am still waiting for help with this slow XP machine. I could not run dds again so see the above post. Here is the GMER log:
Thanks in advance for your help!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-04 22:58:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.16
Running: 3607qzwk.exe; Driver: C:\DOCUME~1\Sharon\LOCALS~1\Temp\fxldypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEF21EF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEF21EFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEF21F080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEF21F11C]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF89C3760]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 03:16 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts

Posted 05 August 2012 - 01:08 PM

Thanks so much for your help!
Here is the security check log. I cannot run combofix right now because the bad computer is a desktop and I have no internet connection right now. I brought it with me on vacation so I wouldn't miss your reply. :) I have wireless connection on my laptop but no connection for the desktop.
Is there any other way to install the windows recovery console for that machine? I do not have the CD.

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2012
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 33
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 01:22 PM

Go ahead and move Combofix with a jump drive, and we will deal with the recovery console later.


gringo

#7 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts

Posted 05 August 2012 - 04:32 PM

I've got combofix moved over and ran it but it stops me at the point where it needs recovery console.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 04:45 PM

You should be able to OK it to go past it.


gringo

#9 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts

Posted 05 August 2012 - 05:45 PM

OK. Here is the combofix log.

ComboFix 12-08-05.02 - Sharon 08/05/2012 17:28:38.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.104 [GMT -5:00]
Running from: c:\documents and settings\Sharon\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sharon\Application Data\5C42.D7D
c:\documents and settings\Sharon\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\FUSION.DLL
c:\windows\system32\URTTemp\MSCOREE.DLL
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\MSCORSN.DLL
c:\windows\system32\URTTemp\MSCORWKS.DLL
c:\windows\system32\URTTemp\MSVCR71.DLL
c:\windows\system32\URTTemp\REGTLIB.EXE
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-07-31 01:10 . 2012-07-31 01:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-31 01:10 . 2012-07-31 01:09 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-31 01:10 . 2012-07-31 01:09 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-31 00:29 . 2012-07-31 00:29 -------- d-----w- c:\program files\VS Revo Group
2012-07-30 23:44 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-07-30 23:44 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-07-30 23:44 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-07-30 23:44 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-07-30 23:44 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-07-30 23:44 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-07-07 15:44 . 2012-07-07 15:44 -------- d-----w- c:\documents and settings\Sharon\Application Data\Malwarebytes
2012-07-07 15:42 . 2012-07-07 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-07 15:42 . 2012-07-14 02:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-07 15:42 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 01:10 . 2012-04-07 16:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 01:10 . 2011-11-23 01:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-04 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-11-14 23:30 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-06-18 23:29 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-06-18 23:29 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-04 10:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-04 10:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-04 10:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2008-11-15 00:26 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-10-22 14:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2004-08-04 10:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2007-06-18 23:29 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-04 10:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-08-04 10:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 10:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-19 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-10-19 77824]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [9/13/2010 5:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/7/2010 4:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/7/2010 4:49 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/7/2012 10:42 AM 655944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [8/19/2010 10:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [8/19/2010 10:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [8/19/2010 10:42 PM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [7/7/2012 10:42 AM 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 11:37 AM 250056]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 01:10]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-430985224-883784826-401462637-1006Core.job
- c:\documents and settings\Sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-13 19:52]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-430985224-883784826-401462637-1006UA.job
- c:\documents and settings\Sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-13 19:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-WgaLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 17:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-05 17:43:56
ComboFix-quarantined-files.txt 2012-08-05 22:43
.
Pre-Run: 57,780,097,024 bytes free
Post-Run: 59,772,641,280 bytes free
.
- - End Of File - - 05474EEF2AE903BC31F518FA927B2E54

#10 gringo_pr


Posted 05 August 2012 - 05:48 PM

Greetings

When are you going to be done with your vacation or when will we be able to check things out?

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 mediamom


Posted 05 August 2012 - 09:15 PM

I am on vacation without internet for the bad computer until next Sunday, August 12.

Attached are my logs. I could NOT update virus definitions for aswMBR without internet. :(

21:07:05.0906 3528 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:07:05.0921 3528 ============================================================
21:07:05.0921 3528 Current date / time: 2012/08/05 21:07:05.0921
21:07:05.0921 3528 SystemInfo:
21:07:05.0921 3528
21:07:05.0921 3528 OS Version: 5.1.2600 ServicePack: 3.0
21:07:05.0921 3528 Product type: Workstation
21:07:05.0921 3528 ComputerName: SWEETIE
21:07:05.0921 3528 UserName: Sharon
21:07:05.0921 3528 Windows directory: C:\WINDOWS
21:07:05.0921 3528 System windows directory: C:\WINDOWS
21:07:05.0921 3528 Processor architecture: Intel x86
21:07:05.0921 3528 Number of processors: 2
21:07:05.0921 3528 Page size: 0x1000
21:07:05.0921 3528 Boot type: Normal boot
21:07:05.0921 3528 ============================================================
21:07:08.0109 3528 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:07:08.0109 3528 Drive \Device\Harddisk1\DR10 - Size: 0x1E380000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:07:08.0109 3528 ============================================================
21:07:08.0109 3528 \Device\Harddisk0\DR0:
21:07:08.0125 3528 MBR partitions:
21:07:08.0125 3528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8DE2BED
21:07:08.0125 3528 \Device\Harddisk1\DR10:
21:07:08.0125 3528 MBR partitions:
21:07:08.0125 3528 \Device\Harddisk1\DR10\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xF1BE0
21:07:08.0125 3528 ============================================================
21:07:08.0156 3528 C: <-> \Device\Harddisk0\DR0\Partition0
21:07:08.0156 3528 ============================================================
21:07:08.0156 3528 Initialize success
21:07:08.0156 3528 ============================================================
21:07:18.0609 2944 ============================================================
21:07:18.0609 2944 Scan started
21:07:18.0609 2944 Mode: Manual;
21:07:18.0609 2944 ============================================================
21:07:19.0265 2944 Abiosdsk - ok
21:07:19.0296 2944 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:07:19.0296 2944 abp480n5 - ok
21:07:19.0343 2944 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:07:19.0359 2944 ACPI - ok
21:07:19.0375 2944 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:07:19.0375 2944 ACPIEC - ok
21:07:19.0453 2944 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:07:19.0468 2944 AdobeFlashPlayerUpdateSvc - ok
21:07:19.0515 2944 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:07:19.0515 2944 adpu160m - ok
21:07:19.0546 2944 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
21:07:19.0546 2944 aeaudio - ok
21:07:19.0578 2944 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:07:19.0578 2944 aec - ok
21:07:19.0609 2944 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:07:19.0609 2944 AFD - ok
21:07:19.0640 2944 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
21:07:19.0640 2944 AFS2K - ok
21:07:19.0671 2944 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:07:19.0671 2944 agp440 - ok
21:07:19.0687 2944 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:07:19.0687 2944 agpCPQ - ok
21:07:19.0703 2944 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:07:19.0703 2944 Aha154x - ok
21:07:19.0718 2944 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:07:19.0734 2944 aic78u2 - ok
21:07:19.0734 2944 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:07:19.0734 2944 aic78xx - ok
21:07:19.0765 2944 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:07:19.0765 2944 Alerter - ok
21:07:19.0781 2944 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:07:19.0781 2944 ALG - ok
21:07:19.0796 2944 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:07:19.0796 2944 AliIde - ok
21:07:19.0812 2944 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:07:19.0812 2944 alim1541 - ok
21:07:19.0828 2944 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:07:19.0828 2944 amdagp - ok
21:07:19.0843 2944 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:07:19.0843 2944 amsint - ok
21:07:19.0843 2944 AppMgmt - ok
21:07:19.0875 2944 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:07:19.0890 2944 asc - ok
21:07:19.0890 2944 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:07:19.0890 2944 asc3350p - ok
21:07:19.0906 2944 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:07:19.0906 2944 asc3550 - ok
21:07:19.0937 2944 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
21:07:19.0937 2944 ASCTRM - ok
21:07:20.0015 2944 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
21:07:20.0015 2944 aspnet_state - ok
21:07:20.0046 2944 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:07:20.0046 2944 AsyncMac - ok
21:07:20.0078 2944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:07:20.0078 2944 atapi - ok
21:07:20.0093 2944 Atdisk - ok
21:07:20.0109 2944 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:07:20.0109 2944 Atmarpc - ok
21:07:20.0140 2944 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:07:20.0156 2944 AudioSrv - ok
21:07:20.0203 2944 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:07:20.0203 2944 audstub - ok
21:07:20.0515 2944 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
21:07:20.0640 2944 AVGIDSAgent - ok
21:07:20.0765 2944 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:07:20.0765 2944 AVGIDSDriver - ok
21:07:20.0796 2944 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:07:20.0796 2944 AVGIDSEH - ok
21:07:20.0812 2944 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:07:20.0812 2944 AVGIDSFilter - ok
21:07:20.0828 2944 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:07:20.0828 2944 AVGIDSShim - ok
21:07:20.0859 2944 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:07:20.0875 2944 Avgldx86 - ok
21:07:20.0875 2944 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:07:20.0875 2944 Avgmfx86 - ok
21:07:20.0890 2944 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:07:20.0890 2944 Avgrkx86 - ok
21:07:20.0921 2944 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:07:20.0937 2944 Avgtdix - ok
21:07:21.0125 2944 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
21:07:21.0125 2944 avgwd - ok
21:07:21.0156 2944 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:07:21.0171 2944 Beep - ok
21:07:21.0218 2944 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:07:21.0234 2944 BITS - ok
21:07:21.0265 2944 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:07:21.0265 2944 Browser - ok
21:07:21.0281 2944 bvrp_pci - ok
21:07:21.0359 2944 catchme - ok
21:07:21.0375 2944 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:07:21.0375 2944 cbidf - ok
21:07:21.0390 2944 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:07:21.0390 2944 cbidf2k - ok
21:07:21.0406 2944 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:07:21.0406 2944 cd20xrnt - ok
21:07:21.0421 2944 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:07:21.0421 2944 Cdaudio - ok
21:07:21.0453 2944 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:07:21.0453 2944 Cdfs - ok
21:07:21.0468 2944 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:07:21.0468 2944 Cdrom - ok
21:07:21.0484 2944 Changer - ok
21:07:21.0515 2944 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:07:21.0515 2944 CiSvc - ok
21:07:21.0562 2944 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:07:21.0578 2944 ClipSrv - ok
21:07:21.0609 2944 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:07:21.0609 2944 CmdIde - ok
21:07:21.0609 2944 COMSysApp - ok
21:07:21.0625 2944 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:07:21.0625 2944 Cpqarray - ok
21:07:21.0656 2944 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:07:21.0656 2944 CryptSvc - ok
21:07:21.0671 2944 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:07:21.0671 2944 dac2w2k - ok
21:07:21.0671 2944 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:07:21.0671 2944 dac960nt - ok
21:07:21.0734 2944 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:07:21.0765 2944 DcomLaunch - ok
21:07:21.0796 2944 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:07:21.0812 2944 Dhcp - ok
21:07:21.0843 2944 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:07:21.0843 2944 Disk - ok
21:07:21.0843 2944 dmadmin - ok
21:07:21.0921 2944 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:07:21.0968 2944 dmboot - ok
21:07:22.0062 2944 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:07:22.0062 2944 dmio - ok
21:07:22.0093 2944 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:07:22.0093 2944 dmload - ok
21:07:22.0125 2944 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:07:22.0125 2944 dmserver - ok
21:07:22.0156 2944 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:07:22.0156 2944 DMusic - ok
21:07:22.0203 2944 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:07:22.0203 2944 Dnscache - ok
21:07:22.0250 2944 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:07:22.0265 2944 Dot3svc - ok
21:07:22.0312 2944 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:07:22.0312 2944 dpti2o - ok
21:07:22.0328 2944 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:07:22.0328 2944 drmkaud - ok
21:07:22.0375 2944 drvmcdb (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
21:07:22.0375 2944 drvmcdb - ok
21:07:22.0406 2944 drvnddm (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
21:07:22.0406 2944 drvnddm - ok
21:07:22.0484 2944 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
21:07:22.0484 2944 DSBrokerService - ok
21:07:22.0546 2944 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
21:07:22.0546 2944 DSproct - ok
21:07:22.0578 2944 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
21:07:22.0578 2944 dsunidrv - ok
21:07:22.0609 2944 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:07:22.0625 2944 E100B - ok
21:07:22.0656 2944 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:07:22.0656 2944 EapHost - ok
21:07:22.0687 2944 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:07:22.0687 2944 ERSvc - ok
21:07:22.0734 2944 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:07:22.0750 2944 Eventlog - ok
21:07:22.0781 2944 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:07:22.0796 2944 EventSystem - ok
21:07:22.0828 2944 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:07:22.0843 2944 Fastfat - ok
21:07:22.0875 2944 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:07:22.0890 2944 FastUserSwitchingCompatibility - ok
21:07:22.0937 2944 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
21:07:22.0953 2944 Fax - ok
21:07:22.0984 2944 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:07:22.0984 2944 Fdc - ok
21:07:23.0046 2944 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:07:23.0046 2944 Fips - ok
21:07:23.0093 2944 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:07:23.0093 2944 Flpydisk - ok
21:07:23.0125 2944 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:07:23.0125 2944 FltMgr - ok
21:07:23.0140 2944 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:07:23.0156 2944 Fs_Rec - ok
21:07:23.0203 2944 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:07:23.0203 2944 Ftdisk - ok
21:07:23.0234 2944 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:07:23.0234 2944 Gpc - ok
21:07:23.0281 2944 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:07:23.0281 2944 helpsvc - ok
21:07:23.0328 2944 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:07:23.0328 2944 HidServ - ok
21:07:23.0359 2944 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:07:23.0359 2944 HidUsb - ok
21:07:23.0406 2944 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:07:23.0406 2944 hkmsvc - ok
21:07:23.0453 2944 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:07:23.0453 2944 hpn - ok
21:07:23.0484 2944 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:07:23.0500 2944 HTTP - ok
21:07:23.0546 2944 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:07:23.0546 2944 HTTPFilter - ok
21:07:23.0578 2944 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:07:23.0578 2944 i2omgmt - ok
21:07:23.0609 2944 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:07:23.0609 2944 i2omp - ok
21:07:23.0640 2944 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:07:23.0640 2944 i8042prt - ok
21:07:23.0718 2944 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:07:23.0765 2944 ialm - ok
21:07:23.0875 2944 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:07:23.0875 2944 Imapi - ok
21:07:23.0921 2944 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:07:23.0937 2944 ImapiService - ok
21:07:23.0968 2944 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:07:23.0968 2944 ini910u - ok
21:07:24.0125 2944 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
21:07:24.0171 2944 IntelC51 - ok
21:07:24.0234 2944 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
21:07:24.0250 2944 IntelC52 - ok
21:07:24.0265 2944 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
21:07:24.0281 2944 IntelC53 - ok
21:07:24.0296 2944 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:07:24.0296 2944 IntelIde - ok
21:07:24.0343 2944 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:07:24.0343 2944 intelppm - ok
21:07:24.0390 2944 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:07:24.0390 2944 Ip6Fw - ok
21:07:24.0421 2944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:07:24.0421 2944 IpFilterDriver - ok
21:07:24.0453 2944 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:07:24.0453 2944 IpInIp - ok
21:07:24.0484 2944 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:07:24.0484 2944 IpNat - ok
21:07:24.0515 2944 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:07:24.0515 2944 IPSec - ok
21:07:24.0546 2944 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:07:24.0546 2944 IRENUM - ok
21:07:24.0578 2944 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:07:24.0593 2944 isapnp - ok
21:07:24.0687 2944 JavaQuickStarterService (28e8a9984ba1297efe44b6138d2ca51e) C:\Program Files\Java\jre6\bin\jqs.exe
21:07:24.0703 2944 JavaQuickStarterService - ok
21:07:24.0718 2944 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:07:24.0734 2944 Kbdclass - ok
21:07:24.0765 2944 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:07:24.0765 2944 kbdhid - ok
21:07:24.0796 2944 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:07:24.0812 2944 kmixer - ok
21:07:24.0859 2944 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:07:24.0859 2944 KSecDD - ok
21:07:24.0890 2944 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:07:24.0890 2944 lanmanserver - ok
21:07:24.0937 2944 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:07:24.0953 2944 lanmanworkstation - ok
21:07:24.0953 2944 lbrtfdc - ok
21:07:24.0984 2944 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:07:25.0000 2944 LmHosts - ok
21:07:25.0078 2944 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
21:07:25.0078 2944 MBAMProtector - ok
21:07:25.0140 2944 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:07:25.0171 2944 MBAMService - ok
21:07:25.0203 2944 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:07:25.0203 2944 Messenger - ok
21:07:25.0234 2944 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:07:25.0234 2944 mnmdd - ok
21:07:25.0296 2944 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:07:25.0296 2944 mnmsrvc - ok
21:07:25.0328 2944 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:07:25.0328 2944 Modem - ok
21:07:25.0359 2944 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:07:25.0375 2944 MODEMCSA - ok
21:07:25.0375 2944 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
21:07:25.0375 2944 mohfilt - ok
21:07:25.0406 2944 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:07:25.0406 2944 Mouclass - ok
21:07:25.0437 2944 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:07:25.0437 2944 mouhid - ok
21:07:25.0468 2944 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:07:25.0468 2944 MountMgr - ok
21:07:25.0500 2944 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:07:25.0500 2944 mraid35x - ok
21:07:25.0546 2944 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:07:25.0546 2944 MRxDAV - ok
21:07:25.0609 2944 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:07:25.0625 2944 MRxSmb - ok
21:07:25.0656 2944 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:07:25.0656 2944 MSDTC - ok
21:07:25.0703 2944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:07:25.0703 2944 Msfs - ok
21:07:25.0703 2944 MSIServer - ok
21:07:25.0734 2944 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:07:25.0734 2944 MSKSSRV - ok
21:07:25.0750 2944 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:07:25.0750 2944 MSPCLOCK - ok
21:07:25.0796 2944 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:07:25.0796 2944 MSPQM - ok
21:07:25.0828 2944 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:07:25.0843 2944 mssmbios - ok
21:07:25.0875 2944 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:07:25.0875 2944 Mup - ok
21:07:25.0906 2944 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
21:07:25.0906 2944 MxlW2k - ok
21:07:26.0000 2944 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:07:26.0078 2944 napagent - ok
21:07:26.0125 2944 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:07:26.0140 2944 NDIS - ok
21:07:26.0171 2944 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:07:26.0171 2944 NdisTapi - ok
21:07:26.0203 2944 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:07:26.0203 2944 Ndisuio - ok
21:07:26.0234 2944 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:07:26.0234 2944 NdisWan - ok
21:07:26.0265 2944 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:07:26.0265 2944 NDProxy - ok
21:07:26.0281 2944 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:07:26.0281 2944 NetBIOS - ok
21:07:26.0328 2944 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:07:26.0328 2944 NetBT - ok
21:07:26.0375 2944 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:07:26.0390 2944 NetDDE - ok
21:07:26.0390 2944 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:07:26.0390 2944 NetDDEdsdm - ok
21:07:26.0437 2944 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:07:26.0437 2944 Netlogon - ok
21:07:26.0484 2944 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:07:26.0500 2944 Netman - ok
21:07:26.0609 2944 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
21:07:26.0609 2944 NetSvc - ok
21:07:26.0656 2944 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:07:26.0656 2944 Nla - ok
21:07:26.0687 2944 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:07:26.0687 2944 Npfs - ok
21:07:26.0750 2944 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:07:26.0765 2944 Ntfs - ok
21:07:26.0781 2944 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:07:26.0781 2944 NtLmSsp - ok
21:07:26.0828 2944 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:07:26.0843 2944 NtmsSvc - ok
21:07:26.0875 2944 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:07:26.0875 2944 Null - ok
21:07:27.0031 2944 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:07:27.0109 2944 nv - ok
21:07:27.0140 2944 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:07:27.0156 2944 NwlnkFlt - ok
21:07:27.0156 2944 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:07:27.0156 2944 NwlnkFwd - ok
21:07:27.0234 2944 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:07:27.0234 2944 ose - ok
21:07:27.0265 2944 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:07:27.0265 2944 Parport - ok
21:07:27.0296 2944 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:07:27.0296 2944 PartMgr - ok
21:07:27.0328 2944 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:07:27.0328 2944 ParVdm - ok
21:07:27.0359 2944 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:07:27.0359 2944 PCI - ok
21:07:27.0375 2944 PCIDump - ok
21:07:27.0406 2944 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:07:27.0406 2944 PCIIde - ok
21:07:27.0437 2944 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:07:27.0437 2944 Pcmcia - ok
21:07:27.0437 2944 PDCOMP - ok
21:07:27.0453 2944 PDFRAME - ok
21:07:27.0468 2944 PDRELI - ok
21:07:27.0468 2944 PDRFRAME - ok
21:07:27.0500 2944 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:07:27.0500 2944 perc2 - ok
21:07:27.0500 2944 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:07:27.0500 2944 perc2hib - ok
21:07:27.0562 2944 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:07:27.0562 2944 PlugPlay - ok
21:07:27.0593 2944 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:07:27.0593 2944 PolicyAgent - ok
21:07:27.0625 2944 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:07:27.0625 2944 PptpMiniport - ok
21:07:27.0640 2944 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:07:27.0640 2944 ProtectedStorage - ok
21:07:27.0656 2944 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:07:27.0656 2944 PSched - ok
21:07:27.0687 2944 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:07:27.0687 2944 Ptilink - ok
21:07:27.0718 2944 PxHelp20 (b5dfb86a6caeae9b2bf3dedb43be6393) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:07:27.0718 2944 PxHelp20 - ok
21:07:27.0765 2944 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:07:27.0765 2944 ql1080 - ok
21:07:27.0765 2944 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:07:27.0765 2944 Ql10wnt - ok
21:07:27.0781 2944 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:07:27.0781 2944 ql12160 - ok
21:07:27.0796 2944 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:07:27.0796 2944 ql1240 - ok
21:07:27.0812 2944 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:07:27.0812 2944 ql1280 - ok
21:07:27.0828 2944 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:07:27.0828 2944 RasAcd - ok
21:07:27.0859 2944 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:07:27.0859 2944 RasAuto - ok
21:07:27.0890 2944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:07:27.0890 2944 Rasl2tp - ok
21:07:27.0921 2944 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:07:27.0937 2944 RasMan - ok
21:07:27.0953 2944 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:07:27.0953 2944 RasPppoe - ok
21:07:27.0968 2944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:07:27.0984 2944 Raspti - ok
21:07:28.0015 2944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:07:28.0031 2944 Rdbss - ok
21:07:28.0062 2944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:07:28.0062 2944 RDPCDD - ok
21:07:28.0109 2944 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:07:28.0109 2944 rdpdr - ok
21:07:28.0156 2944 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:07:28.0156 2944 RDPWD - ok
21:07:28.0203 2944 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:07:28.0218 2944 RDSessMgr - ok
21:07:28.0265 2944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:07:28.0265 2944 redbook - ok
21:07:28.0312 2944 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:07:28.0312 2944 RemoteAccess - ok
21:07:28.0359 2944 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:07:28.0359 2944 RpcLocator - ok
21:07:28.0437 2944 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:07:28.0437 2944 RpcSs - ok
21:07:28.0484 2944 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:07:28.0484 2944 RSVP - ok
21:07:28.0531 2944 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:07:28.0531 2944 SamSs - ok
21:07:28.0578 2944 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:07:28.0578 2944 SCardSvr - ok
21:07:28.0640 2944 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:07:28.0671 2944 Schedule - ok
21:07:28.0703 2944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:07:28.0703 2944 Secdrv - ok
21:07:28.0734 2944 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:07:28.0734 2944 seclogon - ok
21:07:28.0765 2944 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:07:28.0765 2944 SENS - ok
21:07:28.0796 2944 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:07:28.0796 2944 serenum - ok
21:07:28.0828 2944 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:07:28.0828 2944 Serial - ok
21:07:28.0828 2944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:07:28.0828 2944 Sfloppy - ok
21:07:28.0890 2944 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:07:28.0890 2944 SharedAccess - ok
21:07:28.0921 2944 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:07:28.0921 2944 ShellHWDetection - ok
21:07:28.0937 2944 Simbad - ok
21:07:28.0968 2944 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:07:28.0968 2944 sisagp - ok
21:07:29.0046 2944 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
21:07:29.0062 2944 smwdm - ok
21:07:29.0093 2944 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:07:29.0093 2944 Sparrow - ok
21:07:29.0140 2944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:07:29.0140 2944 splitter - ok
21:07:29.0171 2944 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:07:29.0171 2944 Spooler - ok
21:07:29.0203 2944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:07:29.0203 2944 sr - ok
21:07:29.0234 2944 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:07:29.0250 2944 srservice - ok
21:07:29.0296 2944 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:07:29.0312 2944 Srv - ok
21:07:29.0343 2944 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:07:29.0343 2944 sscdbhk5 - ok
21:07:29.0390 2944 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:07:29.0390 2944 SSDPSRV - ok
21:07:29.0406 2944 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
21:07:29.0406 2944 ssrtln - ok
21:07:29.0468 2944 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:07:29.0484 2944 stisvc - ok
21:07:29.0515 2944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:07:29.0515 2944 swenum - ok
21:07:29.0531 2944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:07:29.0531 2944 swmidi - ok
21:07:29.0546 2944 SwPrv - ok
21:07:29.0578 2944 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:07:29.0578 2944 symc810 - ok
21:07:29.0609 2944 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:07:29.0609 2944 symc8xx - ok
21:07:29.0625 2944 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:07:29.0625 2944 sym_hi - ok
21:07:29.0640 2944 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:07:29.0640 2944 sym_u3 - ok
21:07:29.0656 2944 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:07:29.0656 2944 sysaudio - ok
21:07:29.0703 2944 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:07:29.0703 2944 SysmonLog - ok
21:07:29.0750 2944 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:07:29.0765 2944 TapiSrv - ok
21:07:29.0812 2944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:07:29.0812 2944 Tcpip - ok
21:07:29.0843 2944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:07:29.0843 2944 TDPIPE - ok
21:07:29.0859 2944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:07:29.0859 2944 TDTCP - ok
21:07:29.0875 2944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:07:29.0875 2944 TermDD - ok
21:07:29.0921 2944 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:07:29.0937 2944 TermService - ok
21:07:30.0000 2944 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
21:07:30.0000 2944 tfsnboio - ok
21:07:30.0031 2944 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
21:07:30.0031 2944 tfsncofs - ok
21:07:30.0046 2944 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
21:07:30.0062 2944 tfsndrct - ok
21:07:30.0093 2944 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
21:07:30.0093 2944 tfsndres - ok
21:07:30.0109 2944 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
21:07:30.0109 2944 tfsnifs - ok
21:07:30.0140 2944 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
21:07:30.0140 2944 tfsnopio - ok
21:07:30.0156 2944 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
21:07:30.0156 2944 tfsnpool - ok
21:07:30.0187 2944 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
21:07:30.0187 2944 tfsnudf - ok
21:07:30.0218 2944 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
21:07:30.0218 2944 tfsnudfa - ok
21:07:30.0250 2944 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:07:30.0265 2944 Themes - ok
21:07:30.0281 2944 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:07:30.0281 2944 TosIde - ok
21:07:30.0328 2944 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:07:30.0328 2944 TrkWks - ok
21:07:30.0359 2944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:07:30.0359 2944 Udfs - ok
21:07:30.0375 2944 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:07:30.0390 2944 ultra - ok
21:07:30.0437 2944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:07:30.0453 2944 Update - ok
21:07:30.0484 2944 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:07:30.0500 2944 upnphost - ok
21:07:30.0531 2944 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:07:30.0531 2944 UPS - ok
21:07:30.0562 2944 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:07:30.0578 2944 usbccgp - ok
21:07:30.0593 2944 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:07:30.0593 2944 usbehci - ok
21:07:30.0640 2944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:07:30.0640 2944 usbhub - ok
21:07:30.0671 2944 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:07:30.0671 2944 USBSTOR - ok
21:07:30.0687 2944 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:07:30.0687 2944 usbuhci - ok
21:07:30.0718 2944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:07:30.0718 2944 VgaSave - ok
21:07:30.0750 2944 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:07:30.0750 2944 viaagp - ok
21:07:30.0781 2944 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:07:30.0781 2944 ViaIde - ok
21:07:30.0796 2944 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:07:30.0796 2944 VolSnap - ok
21:07:30.0843 2944 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:07:30.0843 2944 VSS - ok
21:07:30.0890 2944 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:07:30.0906 2944 w32time - ok
21:07:30.0937 2944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:07:30.0937 2944 Wanarp - ok
21:07:30.0937 2944 wanatw - ok
21:07:30.0953 2944 WDICA - ok
21:07:30.0984 2944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:07:30.0984 2944 wdmaud - ok
21:07:31.0015 2944 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:07:31.0031 2944 WebClient - ok
21:07:31.0093 2944 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:07:31.0109 2944 winmgmt - ok
21:07:31.0156 2944 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
21:07:31.0156 2944 WmdmPmSN - ok
21:07:31.0203 2944 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:07:31.0203 2944 WmiApSrv - ok
21:07:31.0265 2944 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:07:31.0265 2944 WS2IFSL - ok
21:07:31.0296 2944 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:07:31.0296 2944 wscsvc - ok
21:07:31.0312 2944 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:07:31.0312 2944 wuauserv - ok
21:07:31.0375 2944 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:07:31.0390 2944 WZCSVC - ok
21:07:31.0421 2944 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:07:31.0437 2944 xmlprov - ok
21:07:31.0468 2944 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
21:07:31.0859 2944 \Device\Harddisk0\DR0 - ok
21:07:31.0875 2944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR10
21:07:31.0875 2944 \Device\Harddisk1\DR10 - ok
21:07:31.0890 2944 Boot (0x1200) (a62d10db75d61b82575beb73e0f3f077) \Device\Harddisk0\DR0\Partition0
21:07:31.0890 2944 \Device\Harddisk0\DR0\Partition0 - ok
21:07:31.0890 2944 Boot (0x1200) (769d2b5c4f7bdc0710016153b8f2bce8) \Device\Harddisk1\DR10\Partition0
21:07:31.0906 2944 \Device\Harddisk1\DR10\Partition0 - ok
21:07:31.0906 2944 ============================================================
21:07:31.0906 2944 Scan finished
21:07:31.0906 2944 ============================================================
21:07:31.0921 0588 Detected object count: 0
21:07:31.0921 0588 Actual detected object count: 0


aswmbr
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 21:10:36
-----------------------------
21:10:36.250 OS Version: Windows 5.1.2600 Service Pack 3
21:10:36.250 Number of processors: 2 586 0x304
21:10:36.250 ComputerName: SWEETIE UserName: Sharon
21:10:36.734 Initialize success
21:11:31.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:11:31.609 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
21:11:32.640 Disk 0 MBR read successfully
21:11:32.640 Disk 0 MBR scan
21:11:32.656 Disk 0 unknown MBR code
21:11:32.656 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
21:11:32.671 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72645 MB offset 96390
21:11:32.687 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 148890420
21:11:32.734 Disk 0 scanning sectors +156232125
21:11:32.828 Disk 0 scanning C:\WINDOWS\system32\drivers
21:11:39.406 Service scanning
21:12:00.671 Modules scanning
21:12:20.187 Disk 0 trace - called modules:
21:12:20.203 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:12:20.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd7240]
21:12:20.218 3 CLASSPNP.SYS[f8778fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f86d98]
21:12:20.234 Scan finished successfully
21:12:42.218 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
21:12:42.250 The log file has been saved successfully to "F:\aswMBR.txt"

#12 gringo_pr


Posted 05 August 2012 - 09:40 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 mediamom


Posted 06 August 2012 - 06:24 PM

No problems running combo. Here it is. Can't tell if the internet is faster of course, but everything seems to be working fine. :)

ComboFix 12-08-05.02 - Sharon 08/06/2012 18:09:47.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.167 [GMT -5:00]
Running from: c:\documents and settings\Sharon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sharon\Desktop\CFScript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-07-31 01:10 . 2012-07-31 01:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-31 01:10 . 2012-07-31 01:09 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-31 01:10 . 2012-07-31 01:09 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-31 00:29 . 2012-07-31 00:29 -------- d-----w- c:\program files\VS Revo Group
2012-07-30 23:44 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-07-30 23:44 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-07-30 23:44 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-07-30 23:44 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-07-30 23:44 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-07-30 23:44 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 01:10 . 2012-04-07 16:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 01:10 . 2011-11-23 01:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2012-07-07 15:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-04 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-11-14 23:30 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-06-18 23:29 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-06-18 23:29 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-04 10:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-04 10:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-04 10:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2008-11-15 00:26 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-10-22 14:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2004-08-04 10:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2007-06-18 23:29 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-04 10:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-08-04 10:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 10:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-10-19 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-10-19 77824]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [9/13/2010 5:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/7/2010 4:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/7/2010 4:49 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/7/2012 10:42 AM 655944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [8/19/2010 10:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [8/19/2010 10:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [8/19/2010 10:42 PM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [7/7/2012 10:42 AM 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 11:37 AM 250056]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 82788736
*NewlyCreated* - ASWMBR
*Deregistered* - 82788736
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 01:10]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-430985224-883784826-401462637-1006Core.job
- c:\documents and settings\Sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-13 19:52]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-430985224-883784826-401462637-1006UA.job
- c:\documents and settings\Sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-13 19:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-06 18:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1880)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-08-06 18:20:42
ComboFix-quarantined-files.txt 2012-08-06 23:20
ComboFix2.txt 2012-08-05 22:43
.
Pre-Run: 59,769,208,832 bytes free
Post-Run: 59,756,826,624 bytes free
.
- - End Of File - - 9761EDBAEFECE9A3DF2072324FC5BBE8

#14 gringo_pr


Posted 06 August 2012 - 09:34 PM

We are at a point now that we should stop until you can get the computer online and check it out.

The next steps are updating things, so we need it online anyway.


If it is fine with you I can lock this and when you get back you can PM me to open it.


It will also allow you to get off the computer and get into your vacation!!




Gringo

#15 mediamom


Posted 07 August 2012 - 12:26 PM

Thank you so much Gringo! I will PM you on Monday!



