sirefef.ah and sirefef.r have infected my laptop!


This topic is locked.
16 replies to this topic

#1 SquidyTheSquid

  • Members
  • 11 posts

Posted 12 August 2012 - 11:00 AM

My computer has the dreaded sirefef! I'm running Windows Vista Home Basic Service Pack 2. 32 bit.

A few weeks ago Microsoft security essentials (mse) stopped running. I tried to start it again but a message came up stating that the program didn't exist as an installed service. I also noticed that windows defender was off and it also claims it doesn't exist as an installed service (error 0x80070424). When I tried to reinstall windows defender, it popped up a message "Windows Defender does not need to be installed because it is included with windows vista. You can access it from the control panel."

The other day I decided to try to get Security Essentials running again by uninstalling it and reinstalling it. It worked and began to scan my computer. It found two threats: sirefef.AH and sirefef.R. I clicked clean threats and mse started cleaning them. HOWEVER, sometime after I got mse running again, I got a notice that read: "Windows has encountered a critical error and will automatically restart in one minute. Please save your work now." My computer restarted and I got that notice again. I tried safe mode and I still got that message and forced restart, but it happened slower. In safe mode I ran mse again, it saw the same threats, I clicked clean, and it claimed they were cleaned (I know they aren't).

Eventually I chose the option "Repair Computer" from the F8 menu and went to a restore point 2 weeks earlier. (But not without stupid messages claiming "the restore wizard is already running. This program will now exit." After a few minutes the wizard would pop up just fine.)

So now I'm at a restore point before I reinstalled mse (so mse and defender are not working). If I try to install and run mse again, it just starts the whole process again and I have to do another restore point.

I ran Malwarebytes and it didn't find anything. I also ran RogueKiller and deleted files that it found malicious (ones with names like U,c,@). I also ran ComboFix. Then I tried Windows Fix-It, which did nothing. Nothing is killing this virus. I would like to avoid reinstalling my OS but I will if I have to.

I attached the requested virus scanner results and a RogueKiller report so you can see what I removed.


Please help. Thanks in advance.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by buzz at 9:32:18 on 2012-08-11
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1002 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Users\buzz\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\buzz\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\buzz\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "c:\users\buzz\appdata\local\akamai\netsession_win.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Skytel] Skytel.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: freeplaymusic.com
Trusted Zone: yoyogames.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://nac5.app.byu.edu/auth/taweb.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/luxr/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} : DhcpNameServer = 69.169.190.211 208.72.160.67
TCP: Interfaces\{8759A705-0244-4C76-8348-39B7AE2DC4DC} : DhcpNameServer = 75.75.76.76 75.75.75.75
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\buzz\appdata\roaming\mozilla\firefox\profiles\uhy429e0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/?mkt=en-US&FORM=MICI05&q=
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\users\buzz\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\buzz\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\buzz\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\buzz\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-23 20384]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 bh560eth;Blackhawk 560 Ethernet JTAG Emulator Driver;c:\windows\system32\drivers\bh560eth.sys [2009-1-15 97704]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [2010-1-24 234140]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 sdiont;sdiont;c:\windows\system32\drivers\sdiont.sys [2010-1-23 4576]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-8-6 4497704]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-8-6 113448]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-8-6 13480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-15 250056]
S3 bh510usb;Blackhawk USB510 JTAG Driver;c:\windows\system32\drivers\bh510usb.sys [2009-3-23 310568]
S3 bh560usb;Blackhawk USB-JTAG 560 Driver;c:\windows\system32\drivers\bh560usb.sys [2009-3-23 318248]
S3 bhpci;Blackhawk PCI-JTAG Driver;c:\windows\system32\drivers\bhpci.sys [2009-3-23 481448]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-23 954368]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\drivers\umpusbvista.sys [2010-1-23 44032]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-6 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDS560;Texas Instruments XDS560 Device Driver;c:\windows\system32\drivers\xds560.sys [2010-1-23 31472]
.
=============== Created Last 30 ================
.
2012-08-09 18:21:55 -------- d-----w- c:\users\buzz\appdata\local\ElevatedDiagnostics
2012-08-09 17:58:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-09 17:19:40 -------- d-----w- c:\program files\Microsoft Security Client(11)
2012-08-09 03:08:42 -------- d-----w- C:\Mal
2012-08-09 03:05:15 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-08-09 02:08:03 -------- d-----w- c:\program files\Microsoft Security Client(10)
2012-08-08 03:25:49 -------- d-----w- c:\users\buzz\appdata\roaming\WTablet
2012-08-08 03:25:47 -------- d-----w- c:\users\buzz\appdata\roaming\WTouch
2012-07-31 01:46:50 -------- d-----w- c:\users\buzz\appdata\local\backburner
2012-07-20 22:32:17 -------- d-----w- c:\users\buzz\appdata\roaming\Three Rings Design
.
==================== Find3M ====================
.
2012-08-09 19:37:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-09 19:37:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 01:58:30 26 ----a-w- c:\windows\winstart.bat
2012-06-22 01:58:30 140 ----a-w- c:\windows\tmpcpyis.bat
2012-06-22 01:58:30 122 ----a-w- c:\windows\tmpdelis.bat
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2011-02-02 19:20:33 89600 ----a-w- c:\program files\WinSCP.com
.
============= FINISH: 9:33:11.09 ===============


#2 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 12 August 2012 - 05:09 PM

I'd like to see the ComboFix log as well, please.

It can be found at C:\combofix.txt (older logs at C:\qoobox\combofix2.txt)


Then please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
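A quick triage script for the two findings this thread turns on: the security services that Windows reports as not installed (error 0x80070424) and services.exe being flagged as infected. This is an added example, not part of CatByte's instructions or of any tool named above; it assumes an elevated PowerShell prompt on the affected Vista install (PowerShell 2.0 cmdlets only) and that the service names WinDefend (Windows Defender) and MsMpSvc (Microsoft Security Essentials) apply.

```powershell
# Added example, not from the thread. Assumes an elevated PowerShell prompt on the
# affected Vista install and the service names WinDefend and MsMpSvc.

function Test-SecurityService {
    param([string]$Name)
    # 0x80070424 is the HRESULT wrapping Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST:
    # the service control manager has no entry for the service at all, which is what
    # the "does not exist as an installed service" message in the first post means.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $keyPresent = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if ($svc) {
        "{0,-10} status={1,-8} registry key present={2}" -f $Name, $svc.Status, $keyPresent
    } else {
        "{0,-10} NOT INSTALLED (0x80070424)  registry key present={1}" -f $Name, $keyPresent
    }
}

'WinDefend', 'MsMpSvc' | ForEach-Object { Test-SecurityService $_ }

# ComboFix reported c:\windows\system32\Services.exe as infected. Record the file's
# size and timestamp, then ask the servicing stack whether the on-disk copy matches
# the protected copy. sfc /verifyfile exists from Vista on and only reports; it does
# not repair anything.
$servicesExe = Join-Path $env:windir 'System32\services.exe'
Get-Item $servicesExe | Select-Object FullName, Length, LastWriteTime
& sfc.exe "/verifyfile=$servicesExe"
```

Run from a normal boot on an infected machine, this output can be wrong in either direction, because a kernel-mode rootkit can misreport files and registry keys to everything running on top of it; that is why the instructions above boot into System Recovery Options and run FRST from there instead.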


#3 SquidyTheSquid

  • Topic Starter

  • Members
  • 11 posts

Posted 13 August 2012 - 01:30 PM

Thanks for the quick response!

So it turns out I didn't run ComboFix earlier. So I decided to run it. While ComboFix was scanning it said my system.exe was infected and it was repairing it. It was doing just fine until it restarted the computer before finishing, and upon logging in I found a blank ComboFix window dancing across the screen. A firewall notification popped up asking if I wanted to unblock "Akamai NetSession Interface". I said keep blocking just to be safe. Not sure if that is contributing to the problem or not.

It hasn't created a log and I don't know how to stop it.


But at least it restored my firewall. My internet is fine too.

Sorry for more problems.

Thanks in advance.

#4 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 13 August 2012 - 01:53 PM

OK, if you can just run the FRST instructions.


To stop ComboFix, look in Task Manager (Ctrl + Alt + Del) and end process on any of the following processes:
Pev.exe, sed.exe, cfxxx.3xe

Edited by CatByte, 13 August 2012 - 01:53 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 SquidyTheSquid

  • Topic Starter

  • Members
  • 11 posts

Posted 13 August 2012 - 01:58 PM

Thanks, I was able to stop it.
I'll try out FRST now.
Thanks!

#6 SquidyTheSquid

  • Topic Starter

  • Members
  • 11 posts

Posted 13 August 2012 - 03:22 PM

After I restarted my computer, ComboFix was able to finish the scan. I posted the log from ComboFix, FRST and the services search. Here are the results.


ComboFix 12-08-13.01 - buzz 08/13/2012 9:13.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1084 [GMT -6:00]
Running from: c:\users\buzz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\buzz\AppData\Roaming\screensaver_City.scr
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 21:24 . 2012-08-13 21:24 -------- d-----w- C:\FRST
2012-08-09 18:21 . 2012-08-09 18:24 -------- d-----w- c:\users\buzz\AppData\Local\ElevatedDiagnostics
2012-08-09 17:58 . 2012-08-09 17:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-09 17:19 . 2012-08-09 17:19 -------- d-----w- c:\program files\Microsoft Security Client(11)
2012-08-09 03:08 . 2012-08-09 03:08 -------- d-----w- C:\Mal
2012-08-09 02:08 . 2012-08-09 02:08 -------- d-----w- c:\program files\Microsoft Security Client(10)
2012-08-08 03:25 . 2012-08-13 20:03 -------- d-----w- c:\users\buzz\AppData\Roaming\WTablet
2012-08-08 03:25 . 2012-08-08 03:25 -------- d-----w- c:\users\buzz\AppData\Roaming\WTouch
2012-07-31 01:46 . 2012-07-31 01:46 -------- d-----w- c:\users\buzz\AppData\Local\backburner
2012-07-20 22:32 . 2012-07-20 22:32 -------- d-----w- c:\users\buzz\AppData\Roaming\Three Rings Design
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 19:37 . 2012-06-15 06:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 19:37 . 2011-05-17 16:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 19:46 . 2011-05-02 17:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 01:58 . 2012-06-22 01:58 26 ----a-w- c:\windows\winstart.bat
2012-06-22 01:58 . 2012-06-22 01:58 140 ----a-w- c:\windows\tmpcpyis.bat
2012-06-22 01:58 . 2012-06-22 01:58 122 ----a-w- c:\windows\tmpdelis.bat
2012-06-02 22:19 . 2012-06-21 01:05 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:05 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 01:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 01:05 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 01:04 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-21 01:03 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12 . 2012-06-21 01:03 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 03:41 . 2012-07-08 15:42 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{879A5C31-C0F4-4158-A7B9-ACD3C3A71B11}\mpengine.dll
2012-05-31 03:41 . 2012-07-07 00:07 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-17 22:45 . 2012-06-14 15:17 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35 . 2012-06-14 15:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35 . 2012-06-14 15:17 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29 . 2012-06-14 15:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24 . 2012-06-14 15:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-02 19:20 . 2010-09-24 06:02 89600 ----a-w- c:\program files\WinSCP.com
2012-03-13 20:55 . 2011-03-29 05:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\buzz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\buzz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\buzz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\buzz\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamWizard]
2005-05-13 19:42 184320 ----a-w- c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 19:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 22:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 19:37]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:25]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:25]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-71685524-1126486158-3962871672-1000Core.job
- c:\users\buzz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-06 16:50]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-71685524-1126486158-3962871672-1000UA.job
- c:\users\buzz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-06 16:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: freeplaymusic.com
Trusted Zone: yoyogames.com\www
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://nac5.app.byu.edu/auth/taweb.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\buzz\AppData\Roaming\Mozilla\Firefox\Profiles\uhy429e0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/?mkt=en-US&FORM=MICI05&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-MsMpSvc
MSConfigStartUp-googletalk - c:\users\buzz\AppData\Roaming\Google\Google Talk\googletalk.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 14:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-71685524-1126486158-3962871672-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,1c,0c,70,1b,6f,0c,f4,77,1d,97,4f,69,bd,65,c5,bb,c2,19,ce,6c,
e5,d0,bf,d3,a3,e0,5f,b8,25,0a,46,ea,dd,12,68,f0,e7,40,fc,a3,9d,c4,73,5d,cb,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3352)
c:\users\buzz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\WTouch\WTouchService.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\Pen_Tablet.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\Pen_Tablet.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-13 14:14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 20:13
.
Pre-Run: 14,929,715,200 bytes free
Post-Run: 15,808,827,392 bytes free
.
- - End Of File - - AA1F2C9418875B3516F1D932515E03C2



Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
Ran by SYSTEM at 13-08-2012 13:24:40
Running from G:\
Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [150040 2008-06-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [170520 2008-06-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [145944 2008-06-25] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [combofix] C:\ComboFix\CF17263.3XE /c C:\ComboFix\Combobatch.bat [8272 2012-08-13] ()
HKU\buzz\...\Run: [TOSCDSPD] TOSCDSPD.EXE [x]
HKU\buzz\...\Run: [AdobeBridge] [x]
HKU\buzz\...\Run: [Akamai NetSession Interface] "C:\Users\buzz\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKLM\...\Runonce: [combofix] C:\ComboFix\CF17263.3XE /c C:\ComboFixCombobatch.bat [x]
HKLM\...\runonceex: [flags] 8 [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

================================ Services (Whitelisted) ==================

3 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [40960 2008-04-16] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-01-11] (Flexera Software, Inc.)
3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [431456 2008-02-06] (TOSHIBA Corporation)
2 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [126976 2007-12-03] (TOSHIBA Corporation)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [113448 2009-11-23] (Wacom Technology, Corp.)
2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

4 adpu160m; C:\Windows\system32\drivers\adpu160m.sys [101432 2008-01-20] (Adaptec, Inc.)
3 bh510usb; C:\Windows\System32\Drivers\bh510usb.sys [310568 2009-03-23] (Blackhawk)
2 bh560eth; C:\Windows\System32\Drivers\bh560eth.sys [97704 2009-01-15] (Blackhawk)
3 bh560usb; C:\Windows\System32\Drivers\bh560usb.sys [318248 2009-03-23] (Blackhawk)
3 bhpci; C:\Windows\System32\Drivers\bhpci.sys [481448 2009-03-23] (Blackhawk)
2 DriverX; C:\Windows\System32\drivers\DRIVERX.SYS [234140 2003-11-16] (Tetradyne Software, Inc.)
3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
3 QCMerced; C:\Windows\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
2 sdiont; \??\C:\Windows\system32\drivers\sdiont.sys [4576 1999-05-24] (Spectrum Digital Inc.)
3 SVRPEDRV; \??\C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation)
3 umpusbvista; C:\Windows\System32\DRIVERS\umpusbvista.sys [44032 2008-11-25] (Texas Instruments Inc)
3 umpusbxp; C:\Windows\System32\DRIVERS\umpusbxp.sys [76768 2007-09-26] (Texas Instruments)
3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13480 2009-07-09] (Wacom Technology)
3 XDS560; C:\Windows\System32\DRIVERS\xds560.sys [31472 2009-02-18] (Texas Instruments Incorporated)
3 catchme; \??\C:\Users\buzz\AppData\Local\Temp\catchme.sys [x]
3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-13 13:24 - 2012-08-13 13:24 - 00000000 ____D C:\FRST
2012-08-13 07:09 - 2012-08-13 08:13 - 00000000 ___SD C:\ComboFix
2012-08-13 07:09 - 2012-08-13 07:09 - 00000000 ____D C:\Qoobox
2012-08-13 07:09 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-13 07:09 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-13 07:09 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-13 07:09 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-13 07:09 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-13 07:09 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-13 07:09 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-13 07:09 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-13 07:08 - 2012-08-13 08:13 - 00000000 ____D C:\Windows\erdnt
2012-08-12 19:18 - 2012-08-13 07:08 - 04733169 ____R (Swearware) C:\Users\buzz\Desktop\ComboFix.exe
2012-08-12 07:46 - 2012-08-12 07:46 - 00001821 ____A C:\Users\buzz\Desktop\ark.txt
2012-08-12 07:44 - 2012-08-12 07:44 - 00001821 ____A C:\Users\buzz\Documents\ark.txt
2012-08-11 19:46 - 2012-08-11 19:46 - 00026831 ____A C:\Users\buzz\Desktop\ForumViruspost.odt
2012-08-11 07:37 - 2012-08-11 07:37 - 00294216 ____A C:\Users\buzz\Desktop\gmer.zip
2012-08-11 07:37 - 2012-08-11 07:37 - 00000000 ____D C:\Users\buzz\Desktop\gmer
2012-08-11 07:36 - 2012-08-11 07:36 - 00084469 ____A C:\Users\buzz\Desktop\Attach.txt
2012-08-11 07:35 - 2012-08-11 07:35 - 00017483 ____A C:\Users\buzz\Desktop\DDS.txt
2012-08-11 07:31 - 2012-08-11 07:31 - 00607260 ____R (Swearware) C:\Users\buzz\Desktop\dds.com
2012-08-09 10:49 - 2012-08-09 10:49 - 00003082 ____A C:\Users\buzz\Desktop\RKreport[2].txt
2012-08-09 10:45 - 2012-08-09 10:45 - 00002656 ____A C:\Users\buzz\Desktop\RKreport[1].txt
2012-08-09 10:42 - 2012-08-09 10:48 - 00000000 ____D C:\Users\buzz\Desktop\RK_Quarantine
2012-08-09 10:41 - 2012-08-09 10:41 - 01552896 ____A C:\Users\buzz\Desktop\RogueKiller.exe
2012-08-09 10:31 - 2012-08-09 10:31 - 00607260 ____R (Swearware) C:\Users\buzz\Desktop\dds.scr
2012-08-09 10:27 - 2012-08-09 10:27 - 00347424 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\MicrosoftFixit.malware.FISC.134267965654688778.1.4.Run.exe
2012-08-09 10:23 - 2012-08-09 10:23 - 00347424 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\MicrosoftFixit.WindowsFirewall.FISC.134267965654688778.1.3.Run.exe
2012-08-09 10:22 - 2012-08-09 10:22 - 00347424 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\MicrosoftFixit.malware.FISC.134267965654688778.1.2.Run.exe
2012-08-09 10:20 - 2012-08-09 10:20 - 00347424 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\MicrosoftFixit.malware.FISC.134267965654688778.1.1.Run.exe
2012-08-09 09:58 - 2012-08-09 09:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-09 09:55 - 2012-08-09 09:56 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\buzz\Downloads\tdsskiller.exe
2012-08-09 09:19 - 2012-08-09 09:19 - 00000000 ____D C:\Program Files\Microsoft Security Client(11)
2012-08-08 19:08 - 2012-08-08 19:08 - 00000000 ____D C:\Mal
2012-08-08 19:05 - 2012-08-08 19:05 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2012-08-08 18:08 - 2012-08-08 18:08 - 00000000 ____D C:\Program Files\Microsoft Security Client(10)
2012-08-07 19:25 - 2012-08-13 08:15 - 00000000 ____D C:\Users\buzz\AppData\Roaming\WTablet
2012-08-07 19:25 - 2012-08-07 19:25 - 00000000 ____D C:\Users\buzz\AppData\Roaming\WTouch
2012-07-31 17:26 - 2012-07-31 17:26 - 00041892 ____A C:\Users\buzz\Desktop\MultiPlayer.zip
2012-07-30 17:46 - 2012-07-30 17:46 - 00000000 ____D C:\Users\buzz\AppData\Local\backburner
2012-07-25 15:45 - 2012-07-27 14:24 - 00010816 ____A C:\Users\buzz\Documents\SelfBioAlightSidney.odt
2012-07-20 14:33 - 2012-05-21 14:33 - 00000032 ___RA C:\Users\All Users\hash.dat
2012-07-20 14:32 - 2012-07-20 14:32 - 00002007 ____A C:\Users\buzz\Desktop\Spiral Knights.lnk
2012-07-20 14:32 - 2012-07-20 14:32 - 00000000 ____D C:\Users\buzz\AppData\Roaming\Three Rings Design
2012-07-20 14:28 - 2012-07-20 14:29 - 00671696 ____A (Three Rings Design, Inc.) C:\Users\buzz\Downloads\spiral-install.exe
2012-07-16 20:06 - 2012-07-30 20:41 - 00084693 ____A C:\Users\buzz\Desktop\HodgePodgeTitle.aep
2012-07-16 14:12 - 2012-07-16 21:07 - 00018468 ____A C:\Users\buzz\Documents\SunandMoonKnight.odt
2012-07-14 14:28 - 2012-07-14 14:44 - 00000000 ____D C:\Users\buzz\Documents\New Unity Project 3
2012-07-14 14:25 - 2012-07-14 14:28 - 00000000 ____D C:\Users\buzz\Documents\New Unity Project 2

============ 3 Months Modified Files ========================

2012-08-13 11:21 - 2008-12-22 22:42 - 01519446 ____A C:\Windows\WindowsUpdate.log
2012-08-13 11:21 - 2006-11-02 04:58 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-13 11:21 - 2006-11-02 04:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-13 11:21 - 2006-11-02 04:45 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-13 11:21 - 2006-11-02 04:45 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-13 11:15 - 2010-03-06 14:48 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-13 11:09 - 2011-09-06 08:51 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-71685524-1126486158-3962871672-1000UA.job
2012-08-13 10:37 - 2012-07-07 14:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-13 08:15 - 2010-03-06 14:48 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-13 08:14 - 2008-01-20 19:02 - 00114878 ____A C:\Windows\PFRO.log
2012-08-13 07:08 - 2012-08-12 19:18 - 04733169 ____R (Swearware) C:\Users\buzz\Desktop\ComboFix.exe
2012-08-12 20:09 - 2011-09-06 08:50 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-71685524-1126486158-3962871672-1000Core.job
2012-08-12 12:41 - 2006-11-02 02:33 - 00706586 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-12 07:46 - 2012-08-12 07:46 - 00001821 ____A C:\Users\buzz\Desktop\ark.txt
2012-08-12 07:44 - 2012-08-12 07:44 - 00001821 ____A C:\Users\buzz\Documents\ark.txt
2012-08-12 01:16 - 2009-09-28 11:47 - 00000454 ____A C:\Windows\Tasks\Driver Robot.job
2012-08-11 19:46 - 2012-08-11 19:46 - 00026831 ____A C:\Users\buzz\Desktop\ForumViruspost.odt
2012-08-11 07:37 - 2012-08-11 07:37 - 00294216 ____A C:\Users\buzz\Desktop\gmer.zip
2012-08-11 07:36 - 2012-08-11 07:36 - 00084469 ____A C:\Users\buzz\Desktop\Attach.txt
2012-08-11 07:35 - 2012-08-11 07:35 - 00017483 ____A C:\Users\buzz\Desktop\DDS.txt
2012-08-11 07:31 - 2012-08-11 07:31 - 00607260 ____R (Swearware) C:\Users\buzz\Desktop\dds.com
2012-08-09 11:44 - 2006-11-02 02:22 - 59768832 ____A C:\Windows\System32\config\software_previous
2012-08-09 11:44 - 2006-11-02 02:22 - 23855104 ____A C:\Windows\System32\config\system_previous
2012-08-09 11:38 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-08-09 11:38 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-08-09 11:37 - 2012-06-14 22:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-09 11:37 - 2011-05-17 08:47 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-09 10:49 - 2012-08-09 10:49 - 00003082 ____A C:\Users\buzz\Desktop\RKreport[2].txt
2012-08-09 10:45 - 2012-08-09 10:45 - 00002656 ____A C:\Users\buzz\Desktop\RKreport[1].txt
2012-08-09 10:41 - 2012-08-09 10:41 - 01552896 ____A C:\Users\buzz\Desktop\RogueKiller.exe
2012-08-09 10:31 - 2012-08-09 10:31 - 00607260 ____R (Swearware) C:\Users\buzz\Desktop\dds.scr
2012-08-09 10:27 - 2012-08-09 10:27 - 00347424 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\MicrosoftFixit.malware.FISC.134267965654688778.1.4.Run.exe
2012-08-09 10:23 - 2012-08-09 10:23 - 00347424 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\MicrosoftFixit.WindowsFirewall.FISC.134267965654688778.1.3.Run.exe
2012-08-09 10:22 - 2012-08-09 10:22 - 00347424 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\MicrosoftFixit.malware.FISC.134267965654688778.1.2.Run.exe
2012-08-09 10:20 - 2012-08-09 10:20 - 00347424 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\MicrosoftFixit.malware.FISC.134267965654688778.1.1.Run.exe
2012-08-09 09:56 - 2012-08-09 09:55 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\buzz\Downloads\tdsskiller.exe
2012-08-09 09:36 - 2006-11-02 02:22 - 36700160 ____A C:\Windows\System32\config\components_previous
2012-08-09 09:36 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-08-08 19:27 - 2009-06-04 20:36 - 00001356 ____A C:\Users\buzz\AppData\Local\d3d9caps.dat
2012-08-08 17:42 - 2010-11-14 14:24 - 00000132 ____A C:\Users\buzz\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-07-31 17:26 - 2012-07-31 17:26 - 00041892 ____A C:\Users\buzz\Desktop\MultiPlayer.zip
2012-07-30 20:41 - 2012-07-16 20:06 - 00084693 ____A C:\Users\buzz\Desktop\HodgePodgeTitle.aep
2012-07-29 12:36 - 2010-11-02 17:59 - 00000118 ____A C:\Users\buzz\jobq.dat
2012-07-27 14:24 - 2012-07-25 15:45 - 00010816 ____A C:\Users\buzz\Documents\SelfBioAlightSidney.odt
2012-07-24 16:26 - 2009-06-05 10:55 - 00005141 ____A C:\Users\Public\Documents\Global.sw2
2012-07-20 14:32 - 2012-07-20 14:32 - 00002007 ____A C:\Users\buzz\Desktop\Spiral Knights.lnk
2012-07-20 14:29 - 2012-07-20 14:28 - 00671696 ____A (Three Rings Design, Inc.) C:\Users\buzz\Downloads\spiral-install.exe
2012-07-16 21:07 - 2012-07-16 14:12 - 00018468 ____A C:\Users\buzz\Documents\SunandMoonKnight.odt
2012-07-13 15:44 - 2012-07-13 15:44 - 01456811 ____A C:\Users\buzz\Documents\stickers.odt
2012-07-03 11:46 - 2011-05-02 09:52 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 21:13 - 2012-06-17 18:19 - 00017719 ____A C:\Users\buzz\Documents\HordeStory.odt
2012-06-30 11:35 - 2012-06-30 11:34 - 00086848 ____A (Spotify Ltd) C:\Users\buzz\Downloads\SpotifySetup.exe
2012-06-21 18:44 - 2012-06-21 18:44 - 00000000 ____A C:\Windows\MPLAYER.INI
2012-06-21 17:58 - 2012-06-21 17:58 - 00000438 ____A C:\Windows\wininit.ini
2012-06-21 17:58 - 2012-06-21 17:58 - 00000140 ____A C:\Windows\tmpcpyis.bat
2012-06-21 17:58 - 2012-06-21 17:58 - 00000122 ____A C:\Windows\tmpdelis.bat
2012-06-21 17:58 - 2012-06-21 17:58 - 00000026 ____A C:\Windows\winstart.bat
2012-06-18 17:40 - 2012-06-18 17:39 - 21295609 ____A C:\Users\buzz\Downloads\DVDExpress.zip
2012-06-18 17:12 - 2012-06-18 17:11 - 00992792 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\Tmos104.exe
2012-06-18 16:39 - 2009-06-04 17:53 - 00177152 ____A C:\Users\buzz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-17 20:02 - 2012-06-17 12:39 - 05397203 ____A C:\Users\buzz\Documents\StylesForGame.odt
2012-06-15 22:04 - 2012-06-13 18:04 - 00021194 ____A C:\Users\buzz\Documents\HordeGameDesignDoc.odt
2012-06-15 14:03 - 2012-05-07 10:52 - 10288512 ____A (Microsoft Corporation) C:\Users\buzz\Downloads\mseinstall.exe
2012-06-15 14:03 - 2011-01-26 13:20 - 00002198 ____A C:\Windows\epplauncher.mif
2012-06-15 10:58 - 2012-06-15 10:57 - 05154304 ____A C:\Users\buzz\Downloads\WindowsDefender.msi
2012-06-14 22:12 - 2006-11-02 04:44 - 03784040 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 11:02 - 2012-06-14 11:02 - 00362771 ____A C:\Users\buzz\Desktop\AspectRatioExample.gmz
2012-06-14 07:29 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-11 20:38 - 2012-06-11 20:20 - 00000464 ____A C:\Users\buzz\Ethan'sShooterGame.lnk
2012-06-11 13:02 - 2012-06-03 19:44 - 05178996 ____A C:\Users\buzz\VectorCroc.psd
2012-06-10 18:15 - 2012-06-10 18:14 - 74982768 ____A (Apple Inc.) C:\Users\buzz\Downloads\iTunesSetup.exe
2012-06-09 12:25 - 2012-06-09 12:23 - 12613611 ____A C:\Users\buzz\Downloads\steps.rar
2012-06-04 21:50 - 2012-06-04 21:28 - 04147702 ____A C:\Users\buzz\EggShipConcept.psd
2012-06-04 11:10 - 2012-06-04 11:09 - 12725464 ____A C:\Users\buzz\Downloads\GameMaker-Installer-8.1.exe
2012-06-02 14:19 - 2012-06-20 17:05 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 17:05 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 17:05 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 17:04 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 17:04 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-20 17:05 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-20 17:04 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 13:19 - 2012-06-20 17:03 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 13:12 - 2012-06-20 17:03 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-26 14:30 - 2012-05-26 14:30 - 00114963 ____A C:\Users\buzz\Desktop\PartyGame.gmk
2012-05-26 13:36 - 2010-07-23 16:18 - 00114957 ____A C:\Users\buzz\Downloads\Mario Isometric.gmk
2012-05-26 13:34 - 2012-05-26 13:34 - 00112109 ____A C:\Users\buzz\Downloads\Mario_Isometric.zip
2012-05-26 10:13 - 2012-05-25 16:41 - 00002404 ____A C:\Users\buzz\Desktop\Party.txt
2012-05-25 19:17 - 2012-05-25 19:17 - 07212565 ____A C:\Users\buzz\Downloads\editable_tutorials_pack.zip
2012-05-21 21:10 - 2012-05-21 21:08 - 04604138 ____A C:\Users\buzz\Downloads\LicenseRecovery109.zip
2012-05-21 14:33 - 2012-07-20 14:33 - 00000032 ___RA C:\Users\All Users\hash.dat
2012-05-17 15:11 - 2012-06-14 07:17 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-14 07:17 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-14 07:17 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-14 07:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-14 07:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 07:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-14 07:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-14 07:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 07:17 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-14 07:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 07:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-14 07:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 07:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 07:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll


ZeroAccess:
C:\Windows\Installer\{b5b4be08-3f3e-ca37-bef6-8207af9813b2}
C:\Windows\Installer\{b5b4be08-3f3e-ca37-bef6-8207af9813b2}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 1915.26 MB
Available physical RAM: 1539.82 MB
Total Pagefile: 1743.81 MB
Available Pagefile: 1613.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.56 MB

======================= Partitions =========================

1 Drive c: (SQ004890V03) (Fixed) (Total:140.37 GB) (Free:15.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
5 Drive g: (Transcend) (Removable) (Total:15.1 GB) (Free:6.23 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 140 GB 1501 MB
Partition 3 Primary 7389 MB 142 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ004890V03 NTFS Partition 140 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G Transcend FAT32 Removable 15 GB Healthy

==================================================================================

Last Boot: 2012-08-13 08:20

======================= End Of Log ==========================





Farbar Recovery Scan Tool Version: 10-08-2012
Ran by SYSTEM at 2012-08-13 13:32:19
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-08-07 18:43] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:34] - [2008-01-20 18:34] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-08-07 18:43] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 August 2012 - 03:37 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{b5b4be08-3f3e-ca37-bef6-8207af9813b2}
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
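The FRST search result posted above and CatByte's replace line both rest on one observation: the live C:\Windows\System32\services.exe has the same size (279552 bytes) and the same timestamps as the 6.0.6002.18005 copy in the WinSxS component store, yet a different MD5. As an added example, not part of this thread and not FRST's own code, here is a small Python triage script that parses an FRST search block and flags exactly that condition. The sample log is the three hits quoted in the post above; the function and field names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the three hits from the FRST 'Search: "services.exe"'
# output quoted earlier in this thread (paths, timestamps, sizes and MD5s as posted).
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-08-07 18:43] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:34] - [2008-01-20 18:34] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-08-07 18:43] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

# An FRST search hit is a path line followed by one metadata line:
#   [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        # Component-store copies live under \Windows\winsxs\; the live copy does not.
        return "\\winsxs\\" in self.path.lower()


def parse_frst_search(text: str) -> list[FileHit]:
    """Parse the file hits out of an FRST 'Search:' result block."""
    lines = [ln.strip() for ln in text.splitlines()]
    hits: list[FileHit] = []
    for i in range(len(lines) - 1):
        if not PATH_RE.match(lines[i]):
            continue
        m = META_RE.match(lines[i + 1])
        if not m:
            continue
        hits.append(FileHit(path=lines[i], created=m["created"], modified=m["modified"],
                            size=int(m["size"]), company=m["company"], md5=m["md5"].upper()))
    return hits


def find_tampered(hits: list[FileHit]) -> list[dict]:
    """Flag live (non-WinSxS) copies whose size equals a component-store copy of the
    same file name but whose MD5 differs. Whether the timestamps also match is
    recorded, because a patched binary that kept its original timestamps is the
    stronger signal (that is what the thread's search output shows)."""
    store = [h for h in hits if h.in_winsxs]
    findings: list[dict] = []
    for live in (h for h in hits if not h.in_winsxs):
        for ref in store:
            if ref.name == live.name and ref.size == live.size and ref.md5 != live.md5:
                findings.append({
                    "path": live.path,
                    "md5": live.md5,
                    "reference": ref.path,
                    "expected_md5": ref.md5,
                    "timestamps_match": (ref.created, ref.modified) == (live.created, live.modified),
                })
    return findings


if __name__ == "__main__":
    for f in find_tampered(parse_frst_search(SAMPLE_SEARCH_LOG)):
        print(f"Hash mismatch: {f['path']}\n  md5 {f['md5']} != {f['expected_md5']} "
              f"(WinSxS copy; timestamps preserved: {f['timestamps_match']})")
```

A same-size hash mismatch against the component-store copy is a strong indicator, not proof: confirm with an Authenticode signature check on the live binary before replacing anything, and compare against the WinSxS component that matches the installed servicing level (here 6.0.6002.18005 for Vista SP2), which is the copy CatByte's fixlist restores.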


#8 SquidyTheSquid

SquidyTheSquid
  • Topic Starter

  • Members
  • 11 posts

Posted 13 August 2012 - 04:36 PM

Here you go. :)


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-08-2012
Ran by SYSTEM at 2012-08-13 15:23:27 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{b5b4be08-3f3e-ca37-bef6-8207af9813b2} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====




15:28:07.0912 5784 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:28:08.0380 5784 ============================================================
15:28:08.0380 5784 Current date / time: 2012/08/13 15:28:08.0380
15:28:08.0380 5784 SystemInfo:
15:28:08.0380 5784
15:28:08.0380 5784 OS Version: 6.0.6002 ServicePack: 2.0
15:28:08.0380 5784 Product type: Workstation
15:28:08.0380 5784 ComputerName: RED-DRAGON-PC
15:28:08.0380 5784 UserName: buzz
15:28:08.0380 5784 Windows directory: C:\Windows
15:28:08.0380 5784 System windows directory: C:\Windows
15:28:08.0380 5784 Processor architecture: Intel x86
15:28:08.0380 5784 Number of processors: 1
15:28:08.0380 5784 Page size: 0x1000
15:28:08.0380 5784 Boot type: Normal boot
15:28:08.0380 5784 ============================================================
15:28:08.0754 5784 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:28:08.0754 5784 Drive \Device\Harddisk1\DR1 - Size: 0x3C7800000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:28:08.0754 5784 ============================================================
15:28:08.0754 5784 \Device\Harddisk0\DR0:
15:28:08.0754 5784 MBR partitions:
15:28:08.0754 5784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x118BC800
15:28:08.0754 5784 \Device\Harddisk1\DR1:
15:28:08.0754 5784 MBR partitions:
15:28:08.0754 5784 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E3BFE0
15:28:08.0754 5784 ============================================================
15:28:08.0801 5784 C: <-> \Device\Harddisk0\DR0\Partition0
15:28:08.0801 5784 ============================================================
15:28:08.0801 5784 Initialize success
15:28:08.0801 5784 ============================================================
15:28:32.0014 5912 ============================================================
15:28:32.0014 5912 Scan started
15:28:32.0014 5912 Mode: Manual; TDLFS;
15:28:32.0014 5912 ============================================================
15:28:32.0435 5912 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:28:32.0451 5912 ACPI - ok
15:28:32.0575 5912 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
15:28:32.0575 5912 AdobeActiveFileMonitor7.0 - ok
15:28:32.0716 5912 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:28:32.0716 5912 AdobeFlashPlayerUpdateSvc - ok
15:28:32.0825 5912 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:28:32.0825 5912 adp94xx - ok
15:28:32.0887 5912 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:28:32.0903 5912 adpahci - ok
15:28:32.0919 5912 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:28:32.0919 5912 adpu160m - ok
15:28:32.0950 5912 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:28:32.0950 5912 adpu320 - ok
15:28:32.0997 5912 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:28:32.0997 5912 AeLookupSvc - ok
15:28:33.0075 5912 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:28:33.0090 5912 AFD - ok
15:28:33.0121 5912 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
15:28:33.0121 5912 AgereModemAudio - ok
15:28:33.0231 5912 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
15:28:33.0246 5912 AgereSoftModem - ok
15:28:33.0340 5912 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:28:33.0340 5912 agp440 - ok
15:28:33.0387 5912 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:28:33.0387 5912 aic78xx - ok
15:28:33.0714 5912 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
15:28:33.0714 5912 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
15:28:33.0730 5912 Akamai ( HiddenFile.Multi.Generic ) - warning
15:28:33.0730 5912 Akamai - detected HiddenFile.Multi.Generic (1)
15:28:33.0933 5912 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:28:33.0933 5912 ALG - ok
15:28:34.0011 5912 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:28:34.0011 5912 aliide - ok
15:28:34.0089 5912 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:28:34.0089 5912 amdagp - ok
15:28:34.0120 5912 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:28:34.0120 5912 amdide - ok
15:28:34.0182 5912 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:28:34.0182 5912 AmdK7 - ok
15:28:34.0213 5912 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:28:34.0213 5912 AmdK8 - ok
15:28:34.0276 5912 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:28:34.0276 5912 Appinfo - ok
15:28:34.0510 5912 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:28:34.0510 5912 Apple Mobile Device - ok
15:28:34.0572 5912 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:28:34.0572 5912 arc - ok
15:28:34.0603 5912 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:28:34.0603 5912 arcsas - ok
15:28:34.0650 5912 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:28:34.0650 5912 AsyncMac - ok
15:28:34.0697 5912 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:28:34.0697 5912 atapi - ok
15:28:34.0791 5912 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
15:28:34.0806 5912 athr - ok
15:28:34.0900 5912 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:28:34.0900 5912 AudioEndpointBuilder - ok
15:28:34.0900 5912 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:28:34.0915 5912 Audiosrv - ok
15:28:34.0947 5912 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:28:34.0947 5912 Beep - ok
15:28:35.0056 5912 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:28:35.0056 5912 BFE - ok
15:28:35.0134 5912 bh510usb (c29ecd6ada9a65703a4d5cf57ab46544) C:\Windows\system32\Drivers\bh510usb.sys
15:28:35.0134 5912 bh510usb - ok
15:28:35.0181 5912 bh560eth (e3d7ecf3bdc3aab11e9e07c628842538) C:\Windows\system32\Drivers\bh560eth.sys
15:28:35.0181 5912 bh560eth - ok
15:28:35.0243 5912 bh560usb (812776d07920b252a4c245afd569b886) C:\Windows\system32\Drivers\bh560usb.sys
15:28:35.0259 5912 bh560usb - ok
15:28:35.0290 5912 bhpci (0c683bb34ce1fc021b3a02e5419e156a) C:\Windows\system32\Drivers\bhpci.sys
15:28:35.0305 5912 bhpci - ok
15:28:35.0368 5912 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:28:35.0368 5912 blbdrive - ok
15:28:35.0493 5912 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:28:35.0493 5912 Bonjour Service - ok
15:28:35.0539 5912 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:28:35.0539 5912 bowser - ok
15:28:35.0586 5912 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:28:35.0586 5912 BrFiltLo - ok
15:28:35.0602 5912 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:28:35.0602 5912 BrFiltUp - ok
15:28:35.0649 5912 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:28:35.0649 5912 Browser - ok
15:28:35.0664 5912 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:28:35.0664 5912 Brserid - ok
15:28:35.0680 5912 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:28:35.0695 5912 BrSerWdm - ok
15:28:35.0711 5912 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:28:35.0711 5912 BrUsbMdm - ok
15:28:35.0727 5912 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:28:35.0727 5912 BrUsbSer - ok
15:28:35.0742 5912 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:28:35.0742 5912 BTHMODEM - ok
15:28:35.0914 5912 catchme - ok
15:28:35.0945 5912 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:28:35.0945 5912 cdfs - ok
15:28:36.0007 5912 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:28:36.0023 5912 cdrom - ok
15:28:36.0101 5912 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:28:36.0101 5912 CertPropSvc - ok
15:28:36.0163 5912 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:28:36.0163 5912 circlass - ok
15:28:36.0226 5912 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:28:36.0226 5912 CLFS - ok
15:28:36.0304 5912 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:28:36.0304 5912 clr_optimization_v2.0.50727_32 - ok
15:28:36.0429 5912 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:28:36.0429 5912 clr_optimization_v4.0.30319_32 - ok
15:28:36.0491 5912 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:28:36.0491 5912 CmBatt - ok
15:28:36.0507 5912 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:28:36.0507 5912 cmdide - ok
15:28:36.0522 5912 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:28:36.0522 5912 Compbatt - ok
15:28:36.0538 5912 COMSysApp - ok
15:28:36.0663 5912 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
15:28:36.0663 5912 ConfigFree Service - ok
15:28:36.0694 5912 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:28:36.0694 5912 crcdisk - ok
15:28:36.0725 5912 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:28:36.0725 5912 Crusoe - ok
15:28:36.0787 5912 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
15:28:36.0787 5912 CryptSvc - ok
15:28:36.0865 5912 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:28:36.0881 5912 DcomLaunch - ok
15:28:36.0928 5912 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:28:36.0928 5912 DfsC - ok
15:28:37.0053 5912 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:28:37.0084 5912 DFSR - ok
15:28:37.0255 5912 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:28:37.0255 5912 Dhcp - ok
15:28:37.0365 5912 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:28:37.0365 5912 disk - ok
15:28:37.0458 5912 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:28:37.0458 5912 Dnscache - ok
15:28:37.0505 5912 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:28:37.0505 5912 dot3svc - ok
15:28:37.0614 5912 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
15:28:37.0614 5912 Dot4 - ok
15:28:37.0677 5912 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:28:37.0677 5912 Dot4Print - ok
15:28:37.0708 5912 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
15:28:37.0708 5912 dot4usb - ok
15:28:37.0739 5912 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:28:37.0755 5912 DPS - ok
15:28:37.0801 5912 DriverX (d27a3a309da2f9122b64b556a9a2cc71) C:\Windows\System32\drivers\DRIVERX.SYS
15:28:37.0801 5912 DriverX - ok
15:28:37.0833 5912 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:28:37.0833 5912 drmkaud - ok
15:28:37.0895 5912 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:28:37.0895 5912 DXGKrnl - ok
15:28:37.0926 5912 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:28:37.0926 5912 E1G60 - ok
15:28:37.0973 5912 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:28:37.0973 5912 EapHost - ok
15:28:38.0051 5912 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:28:38.0051 5912 Ecache - ok
15:28:38.0113 5912 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:28:38.0129 5912 elxstor - ok
15:28:38.0207 5912 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:28:38.0207 5912 EMDMgmt - ok
15:28:38.0254 5912 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:28:38.0254 5912 ErrDev - ok
15:28:38.0301 5912 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:28:38.0301 5912 EventSystem - ok
15:28:38.0379 5912 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:28:38.0379 5912 exfat - ok
15:28:38.0457 5912 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:28:38.0457 5912 fastfat - ok
15:28:38.0535 5912 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:28:38.0535 5912 fdc - ok
15:28:38.0566 5912 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:28:38.0566 5912 fdPHost - ok
15:28:38.0597 5912 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:28:38.0597 5912 FDResPub - ok
15:28:38.0659 5912 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:28:38.0659 5912 FileInfo - ok
15:28:38.0691 5912 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:28:38.0691 5912 Filetrace - ok
15:28:38.0831 5912 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:28:38.0847 5912 FLEXnet Licensing Service - ok
15:28:38.0893 5912 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:28:38.0893 5912 flpydisk - ok
15:28:38.0971 5912 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:28:38.0987 5912 FltMgr - ok
15:28:39.0081 5912 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:28:39.0096 5912 FontCache - ok
15:28:39.0190 5912 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:28:39.0190 5912 FontCache3.0.0.0 - ok
15:28:39.0268 5912 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
15:28:39.0268 5912 Fs_Rec - ok
15:28:39.0315 5912 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
15:28:39.0315 5912 FwLnk - ok
15:28:39.0346 5912 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:28:39.0346 5912 gagp30kx - ok
15:28:39.0424 5912 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:28:39.0439 5912 gpsvc - ok
15:28:39.0611 5912 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:28:39.0611 5912 gupdate - ok
15:28:39.0642 5912 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:28:39.0642 5912 gupdatem - ok
15:28:39.0736 5912 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:28:39.0736 5912 HdAudAddService - ok
15:28:39.0814 5912 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:28:39.0814 5912 HDAudBus - ok
15:28:39.0861 5912 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:28:39.0861 5912 HidBth - ok
15:28:39.0876 5912 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:28:39.0876 5912 HidIr - ok
15:28:39.0939 5912 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
15:28:39.0939 5912 hidserv - ok
15:28:39.0985 5912 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:28:39.0985 5912 HidUsb - ok
15:28:40.0017 5912 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:28:40.0032 5912 hkmsvc - ok
15:28:40.0048 5912 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:28:40.0063 5912 HpCISSs - ok
15:28:40.0251 5912 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:28:40.0266 5912 hpqcxs08 - ok
15:28:40.0282 5912 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:28:40.0297 5912 hpqddsvc - ok
15:28:40.0407 5912 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
15:28:40.0407 5912 HTTP - ok
15:28:40.0469 5912 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:28:40.0469 5912 i2omp - ok
15:28:40.0547 5912 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:28:40.0563 5912 i8042prt - ok
15:28:40.0656 5912 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:28:40.0656 5912 IAANTMON - ok
15:28:40.0750 5912 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
15:28:40.0750 5912 iaStor - ok
15:28:40.0797 5912 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:28:40.0797 5912 iaStorV - ok
15:28:40.0906 5912 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:28:40.0906 5912 IDriverT - ok
15:28:41.0046 5912 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:28:41.0062 5912 idsvc - ok
15:28:41.0249 5912 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:28:41.0280 5912 igfx - ok
15:28:41.0436 5912 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:28:41.0436 5912 iirsp - ok
15:28:41.0514 5912 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:28:41.0530 5912 IKEEXT - ok
15:28:41.0686 5912 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
15:28:41.0701 5912 IntcAzAudAddService - ok
15:28:41.0857 5912 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:28:41.0857 5912 intelide - ok
15:28:41.0920 5912 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:28:41.0920 5912 intelppm - ok
15:28:41.0951 5912 IO_Memory - ok
15:28:41.0982 5912 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:28:41.0982 5912 IPBusEnum - ok
15:28:41.0998 5912 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:28:41.0998 5912 IpFilterDriver - ok
15:28:42.0076 5912 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:28:42.0076 5912 iphlpsvc - ok
15:28:42.0076 5912 IpInIp - ok
15:28:42.0123 5912 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:28:42.0123 5912 IPMIDRV - ok
15:28:42.0138 5912 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:28:42.0138 5912 IPNAT - ok
15:28:42.0169 5912 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:28:42.0169 5912 IRENUM - ok
15:28:42.0201 5912 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:28:42.0216 5912 isapnp - ok
15:28:42.0263 5912 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:28:42.0263 5912 iScsiPrt - ok
15:28:42.0279 5912 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:28:42.0279 5912 iteatapi - ok
15:28:42.0310 5912 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:28:42.0310 5912 iteraid - ok
15:28:42.0450 5912 jswpsapi (957135960e7533ea5c7ea0bfb34f8efd) C:\Program Files\Jumpstart\jswpsapi.exe
15:28:42.0466 5912 jswpsapi - ok
15:28:42.0544 5912 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
15:28:42.0544 5912 jswpslwf - ok
15:28:42.0559 5912 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:28:42.0559 5912 kbdclass - ok
15:28:42.0591 5912 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
15:28:42.0591 5912 kbdhid - ok
15:28:42.0637 5912 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:28:42.0637 5912 KeyIso - ok
15:28:42.0669 5912 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
15:28:42.0669 5912 KR10I - ok
15:28:42.0700 5912 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
15:28:42.0700 5912 KR10N - ok
15:28:42.0778 5912 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:28:42.0793 5912 KSecDD - ok
15:28:42.0871 5912 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:28:42.0871 5912 KtmRm - ok
15:28:42.0918 5912 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
15:28:42.0918 5912 LanmanServer - ok
15:28:42.0996 5912 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:28:42.0996 5912 LanmanWorkstation - ok
15:28:43.0027 5912 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:28:43.0027 5912 lltdio - ok
15:28:43.0074 5912 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:28:43.0074 5912 lltdsvc - ok
15:28:43.0105 5912 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:28:43.0105 5912 lmhosts - ok
15:28:43.0152 5912 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:28:43.0152 5912 LSI_FC - ok
15:28:43.0168 5912 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:28:43.0183 5912 LSI_SAS - ok
15:28:43.0230 5912 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:28:43.0230 5912 LSI_SCSI - ok
15:28:43.0308 5912 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:28:43.0308 5912 luafv - ok
15:28:43.0386 5912 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\Windows\system32\drivers\lvusbsta.sys
15:28:43.0386 5912 LVUSBSta - ok
15:28:43.0402 5912 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:28:43.0402 5912 megasas - ok
15:28:43.0433 5912 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:28:43.0449 5912 MegaSR - ok
15:28:43.0480 5912 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:28:43.0480 5912 MMCSS - ok
15:28:43.0542 5912 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:28:43.0542 5912 Modem - ok
15:28:43.0605 5912 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:28:43.0605 5912 monitor - ok
15:28:43.0620 5912 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:28:43.0620 5912 mouclass - ok
15:28:43.0729 5912 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:28:43.0729 5912 mouhid - ok
15:28:43.0761 5912 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:28:43.0761 5912 MountMgr - ok
15:28:43.0823 5912 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
15:28:43.0823 5912 MpFilter - ok
15:28:43.0870 5912 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:28:43.0885 5912 mpio - ok
15:28:43.0901 5912 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:28:43.0901 5912 mpsdrv - ok
15:28:43.0979 5912 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:28:43.0995 5912 MpsSvc - ok
15:28:44.0041 5912 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:28:44.0041 5912 Mraid35x - ok
15:28:44.0104 5912 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:28:44.0104 5912 MRxDAV - ok
15:28:44.0166 5912 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:28:44.0166 5912 mrxsmb - ok
15:28:44.0197 5912 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:28:44.0213 5912 mrxsmb10 - ok
15:28:44.0229 5912 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:28:44.0244 5912 mrxsmb20 - ok
15:28:44.0275 5912 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
15:28:44.0275 5912 msahci - ok
15:28:44.0338 5912 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:28:44.0338 5912 msdsm - ok
15:28:44.0385 5912 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:28:44.0385 5912 MSDTC - ok
15:28:44.0416 5912 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:28:44.0416 5912 Msfs - ok
15:28:44.0478 5912 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:28:44.0478 5912 msisadrv - ok
15:28:44.0509 5912 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:28:44.0525 5912 MSiSCSI - ok
15:28:44.0525 5912 msiserver - ok
15:28:44.0603 5912 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:28:44.0603 5912 MSKSSRV - ok
15:28:44.0619 5912 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:28:44.0619 5912 MSPCLOCK - ok
15:28:44.0634 5912 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:28:44.0634 5912 MSPQM - ok
15:28:44.0681 5912 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:28:44.0697 5912 MsRPC - ok
15:28:44.0728 5912 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:28:44.0728 5912 mssmbios - ok
15:28:44.0775 5912 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:28:44.0790 5912 MSTEE - ok
15:28:44.0806 5912 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:28:44.0806 5912 Mup - ok
15:28:44.0868 5912 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:28:44.0884 5912 napagent - ok
15:28:44.0946 5912 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:28:44.0946 5912 NativeWifiP - ok
15:28:45.0024 5912 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:28:45.0040 5912 NDIS - ok
15:28:45.0071 5912 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:28:45.0071 5912 NdisTapi - ok
15:28:45.0102 5912 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:28:45.0102 5912 Ndisuio - ok
15:28:45.0118 5912 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:28:45.0118 5912 NdisWan - ok
15:28:45.0149 5912 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:28:45.0149 5912 NDProxy - ok
15:28:45.0211 5912 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
15:28:45.0211 5912 Net Driver HPZ12 - ok
15:28:45.0243 5912 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:28:45.0243 5912 NetBIOS - ok
15:28:45.0305 5912 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:28:45.0305 5912 netbt - ok
15:28:45.0367 5912 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:28:45.0367 5912 Netlogon - ok
15:28:45.0414 5912 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:28:45.0430 5912 Netman - ok
15:28:45.0461 5912 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:28:45.0461 5912 netprofm - ok
15:28:45.0570 5912 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:28:45.0570 5912 NetTcpPortSharing - ok
15:28:45.0601 5912 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:28:45.0617 5912 nfrd960 - ok
15:28:45.0679 5912 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:28:45.0679 5912 NisDrv - ok
15:28:45.0804 5912 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
15:28:45.0804 5912 NisSrv - ok
15:28:45.0851 5912 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:28:45.0851 5912 NlaSvc - ok
15:28:45.0913 5912 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:28:45.0913 5912 Npfs - ok
15:28:45.0929 5912 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:28:45.0929 5912 nsi - ok
15:28:45.0960 5912 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:28:45.0960 5912 nsiproxy - ok
15:28:46.0069 5912 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:28:46.0085 5912 Ntfs - ok
15:28:46.0101 5912 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:28:46.0101 5912 ntrigdigi - ok
15:28:46.0163 5912 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
15:28:46.0163 5912 NuidFltr - ok
15:28:46.0179 5912 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:28:46.0179 5912 Null - ok
15:28:46.0210 5912 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:28:46.0210 5912 nvraid - ok
15:28:46.0225 5912 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:28:46.0225 5912 nvstor - ok
15:28:46.0272 5912 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:28:46.0272 5912 nv_agp - ok
15:28:46.0288 5912 NwlnkFlt - ok
15:28:46.0303 5912 NwlnkFwd - ok
15:28:46.0413 5912 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:28:46.0413 5912 odserv - ok
15:28:46.0444 5912 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:28:46.0444 5912 ohci1394 - ok
15:28:46.0491 5912 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:28:46.0491 5912 ose - ok
15:28:46.0584 5912 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:28:46.0600 5912 p2pimsvc - ok
15:28:46.0615 5912 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:28:46.0615 5912 p2psvc - ok
15:28:46.0662 5912 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:28:46.0662 5912 Parport - ok
15:28:46.0725 5912 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
15:28:46.0725 5912 partmgr - ok
15:28:46.0740 5912 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:28:46.0740 5912 Parvdm - ok
15:28:46.0787 5912 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:28:46.0787 5912 PcaSvc - ok
15:28:46.0849 5912 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:28:46.0849 5912 pci - ok
15:28:46.0881 5912 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
15:28:46.0881 5912 pciide - ok
15:28:46.0912 5912 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:28:46.0912 5912 pcmcia - ok
15:28:46.0974 5912 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:28:46.0974 5912 PEAUTH - ok
15:28:47.0099 5912 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:28:47.0115 5912 pla - ok
15:28:47.0255 5912 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:28:47.0255 5912 PlugPlay - ok
15:28:47.0364 5912 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
15:28:47.0364 5912 Pml Driver HPZ12 - ok
15:28:47.0473 5912 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:28:47.0489 5912 PNRPAutoReg - ok
15:28:47.0489 5912 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:28:47.0505 5912 PNRPsvc - ok
15:28:47.0567 5912 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:28:47.0583 5912 PolicyAgent - ok
15:28:47.0676 5912 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:28:47.0676 5912 PptpMiniport - ok
15:28:47.0707 5912 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:28:47.0707 5912 Processor - ok
15:28:47.0723 5912 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:28:47.0739 5912 ProfSvc - ok
15:28:47.0785 5912 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:28:47.0785 5912 ProtectedStorage - ok
15:28:47.0863 5912 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:28:47.0863 5912 PSched - ok
15:28:47.0895 5912 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
15:28:47.0895 5912 PxHelp20 - ok
15:28:48.0035 5912 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\Windows\system32\DRIVERS\LVCM.sys
15:28:48.0051 5912 QCMerced - ok
15:28:48.0300 5912 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:28:48.0316 5912 ql2300 - ok
15:28:48.0347 5912 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:28:48.0363 5912 ql40xx - ok
15:28:48.0394 5912 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:28:48.0409 5912 QWAVE - ok
15:28:48.0425 5912 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:28:48.0425 5912 QWAVEdrv - ok
15:28:48.0441 5912 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:28:48.0441 5912 RasAcd - ok
15:28:48.0456 5912 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:28:48.0456 5912 RasAuto - ok
15:28:48.0487 5912 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:28:48.0503 5912 Rasl2tp - ok
15:28:48.0550 5912 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:28:48.0565 5912 RasMan - ok
15:28:48.0628 5912 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:28:48.0628 5912 RasPppoe - ok
15:28:48.0659 5912 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:28:48.0659 5912 RasSstp - ok
15:28:48.0721 5912 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:28:48.0721 5912 rdbss - ok
15:28:48.0784 5912 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:28:48.0784 5912 RDPCDD - ok
15:28:48.0815 5912 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:28:48.0815 5912 rdpdr - ok
15:28:48.0831 5912 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:28:48.0831 5912 RDPENCDD - ok
15:28:48.0877 5912 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
15:28:48.0877 5912 RDPWD - ok
15:28:48.0940 5912 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:28:48.0940 5912 RemoteAccess - ok
15:28:48.0987 5912 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:28:48.0987 5912 RemoteRegistry - ok
15:28:49.0033 5912 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:28:49.0033 5912 RpcLocator - ok
15:28:49.0111 5912 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:28:49.0127 5912 RpcSs - ok
15:28:49.0205 5912 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:28:49.0205 5912 rspndr - ok
15:28:49.0283 5912 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:28:49.0283 5912 RTL8169 - ok
15:28:49.0330 5912 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
15:28:49.0345 5912 RTSTOR - ok
15:28:49.0408 5912 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:28:49.0408 5912 SamSs - ok
15:28:49.0423 5912 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:28:49.0423 5912 sbp2port - ok
15:28:49.0501 5912 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:28:49.0501 5912 SCardSvr - ok
15:28:49.0580 5912 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:28:49.0580 5912 Schedule - ok
15:28:49.0674 5912 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:28:49.0674 5912 SCPolicySvc - ok
15:28:49.0721 5912 sdiont (545b28fffcd55eac34635626504ad21c) C:\Windows\system32\drivers\sdiont.sys
15:28:49.0736 5912 sdiont - ok
15:28:49.0768 5912 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:28:49.0768 5912 SDRSVC - ok
15:28:49.0799 5912 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:28:49.0799 5912 secdrv - ok
15:28:49.0814 5912 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:28:49.0814 5912 seclogon - ok
15:28:49.0846 5912 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
15:28:49.0846 5912 SENS - ok
15:28:49.0877 5912 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
15:28:49.0877 5912 Serenum - ok
15:28:49.0908 5912 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:28:49.0908 5912 Serial - ok
15:28:49.0939 5912 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:28:49.0939 5912 sermouse - ok
15:28:49.0986 5912 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:28:49.0986 5912 SessionEnv - ok
15:28:50.0017 5912 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:28:50.0017 5912 sffdisk - ok
15:28:50.0048 5912 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:28:50.0048 5912 sffp_mmc - ok
15:28:50.0064 5912 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:28:50.0064 5912 sffp_sd - ok
15:28:50.0095 5912 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:28:50.0095 5912 sfloppy - ok
15:28:50.0158 5912 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:28:50.0158 5912 SharedAccess - ok
15:28:50.0236 5912 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:28:50.0282 5912 ShellHWDetection - ok
15:28:50.0329 5912 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:28:50.0329 5912 sisagp - ok
15:28:50.0407 5912 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:28:50.0407 5912 SiSRaid2 - ok
15:28:50.0423 5912 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:28:50.0438 5912 SiSRaid4 - ok
15:28:50.0673 5912 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:28:50.0783 5912 slsvc - ok
15:28:50.0970 5912 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:28:50.0970 5912 SLUINotify - ok
15:28:51.0032 5912 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:28:51.0032 5912 Smb - ok
15:28:51.0079 5912 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:28:51.0079 5912 SNMPTRAP - ok
15:28:51.0110 5912 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:28:51.0110 5912 spldr - ok
15:28:51.0157 5912 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:28:51.0157 5912 Spooler - ok
15:28:51.0313 5912 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:28:51.0313 5912 srv - ok
15:28:51.0407 5912 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:28:51.0422 5912 srv2 - ok
15:28:51.0485 5912 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:28:51.0485 5912 srvnet - ok
15:28:51.0672 5912 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:28:51.0687 5912 SSDPSRV - ok
15:28:51.0734 5912 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:28:51.0734 5912 SstpSvc - ok
15:28:51.0828 5912 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:28:51.0828 5912 stisvc - ok
15:28:51.0906 5912 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
15:28:51.0906 5912 SVRPEDRV - ok
15:28:51.0968 5912 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:28:51.0968 5912 swenum - ok
15:28:52.0093 5912 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:28:52.0109 5912 SwitchBoard - ok
15:28:52.0171 5912 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:28:52.0187 5912 swprv - ok
15:28:52.0218 5912 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:28:52.0218 5912 Symc8xx - ok
15:28:52.0233 5912 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:28:52.0233 5912 Sym_hi - ok
15:28:52.0249 5912 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:28:52.0249 5912 Sym_u3 - ok
15:28:52.0327 5912 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
15:28:52.0327 5912 SynTP - ok
15:28:52.0436 5912 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:28:52.0452 5912 SysMain - ok
15:28:52.0483 5912 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:28:52.0499 5912 TabletInputService - ok
15:28:52.0780 5912 TabletServicePen (099aee120cac4a43ce307a828998392f) C:\Windows\system32\Pen_Tablet.exe
15:28:52.0874 5912 TabletServicePen - ok
15:28:53.0108 5912 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:28:53.0108 5912 TapiSrv - ok
15:28:53.0139 5912 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:28:53.0139 5912 TBS - ok
15:28:53.0342 5912 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
15:28:53.0358 5912 Tcpip - ok
15:28:53.0373 5912 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
15:28:53.0389 5912 Tcpip6 - ok
15:28:53.0404 5912 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
15:28:53.0404 5912 tcpipreg - ok
15:28:53.0514 5912 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:28:53.0514 5912 tdcmdpst - ok
15:28:53.0545 5912 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:28:53.0545 5912 TDPIPE - ok
15:28:53.0560 5912 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:28:53.0560 5912 TDTCP - ok
15:28:53.0654 5912 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:28:53.0654 5912 tdx - ok
15:28:53.0701 5912 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:28:53.0701 5912 TermDD - ok
15:28:53.0810 5912 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:28:53.0810 5912 TermService - ok
15:28:53.0857 5912 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:28:53.0857 5912 Themes - ok
15:28:53.0935 5912 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:28:53.0935 5912 THREADORDER - ok
15:28:54.0106 5912 TMachInfo (e09caafb2b323a6ff120cefb96da0a44) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
15:28:54.0106 5912 TMachInfo - ok
15:28:54.0216 5912 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
15:28:54.0216 5912 TNaviSrv - ok
15:28:54.0262 5912 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
15:28:54.0262 5912 TODDSrv - ok
15:28:54.0356 5912 TosCoSrv (44dbac611b11646683b5b066a049b8e4) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
15:28:54.0356 5912 TosCoSrv - ok
15:28:54.0372 5912 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
15:28:54.0387 5912 TOSHIBA SMART Log Service - ok
15:28:54.0574 5912 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
15:28:54.0574 5912 tos_sps32 - ok
15:28:54.0621 5912 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:28:54.0621 5912 TrkWks - ok
15:28:54.0762 5912 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:28:54.0762 5912 TrustedInstaller - ok
15:28:54.0793 5912 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:28:54.0793 5912 tssecsrv - ok
15:28:54.0871 5912 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:28:54.0871 5912 tunmp - ok
15:28:54.0918 5912 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:28:54.0918 5912 tunnel - ok
15:28:54.0964 5912 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
15:28:54.0964 5912 TVALZ - ok
15:28:54.0980 5912 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:28:54.0980 5912 uagp35 - ok
15:28:55.0042 5912 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:28:55.0042 5912 udfs - ok
15:28:55.0089 5912 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:28:55.0089 5912 UI0Detect - ok
15:28:55.0183 5912 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
15:28:55.0214 5912 UleadBurningHelper - ok
15:28:55.0245 5912 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:28:55.0245 5912 uliagpkx - ok
15:28:55.0276 5912 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:28:55.0292 5912 uliahci - ok
15:28:55.0308 5912 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:28:55.0308 5912 UlSata - ok
15:28:55.0323 5912 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:28:55.0323 5912 ulsata2 - ok
15:28:55.0354 5912 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:28:55.0354 5912 umbus - ok
15:28:55.0448 5912 umpusbvista (e217823917edf5655bdc437d63b27ef2) C:\Windows\system32\DRIVERS\umpusbvista.sys
15:28:55.0448 5912 umpusbvista - ok
15:28:55.0495 5912 umpusbxp (4685ca976167ef2bbab18694346062df) C:\Windows\system32\DRIVERS\umpusbxp.sys
15:28:55.0495 5912 umpusbxp - ok
15:28:55.0542 5912 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:28:55.0542 5912 upnphost - ok
15:28:55.0604 5912 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
15:28:55.0604 5912 usbaudio - ok
15:28:55.0635 5912 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:28:55.0635 5912 usbccgp - ok
15:28:55.0666 5912 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:28:55.0666 5912 usbcir - ok
15:28:55.0760 5912 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:28:55.0776 5912 usbehci - ok
15:28:55.0807 5912 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:28:55.0807 5912 usbhub - ok
15:28:55.0822 5912 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:28:55.0822 5912 usbohci - ok
15:28:55.0885 5912 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:28:55.0885 5912 usbprint - ok
15:28:55.0916 5912 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:28:55.0916 5912 usbscan - ok
15:28:55.0963 5912 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:28:55.0963 5912 USBSTOR - ok
15:28:55.0994 5912 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:28:55.0994 5912 usbuhci - ok
15:28:56.0025 5912 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:28:56.0025 5912 usbvideo - ok
15:28:56.0072 5912 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:28:56.0072 5912 UxSms - ok
15:28:56.0150 5912 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:28:56.0150 5912 vds - ok
15:28:56.0197 5912 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:28:56.0197 5912 vga - ok
15:28:56.0212 5912 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:28:56.0212 5912 VgaSave - ok
15:28:56.0228 5912 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:28:56.0228 5912 viaagp - ok
15:28:56.0244 5912 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:28:56.0244 5912 ViaC7 - ok
15:28:56.0275 5912 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:28:56.0275 5912 viaide - ok
15:28:56.0353 5912 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:28:56.0353 5912 volmgr - ok
15:28:56.0431 5912 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:28:56.0431 5912 volmgrx - ok
15:28:56.0509 5912 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:28:56.0524 5912 volsnap - ok
15:28:56.0556 5912 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:28:56.0556 5912 vsmraid - ok
15:28:56.0774 5912 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:28:56.0805 5912 VSS - ok
15:28:56.0883 5912 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:28:56.0899 5912 W32Time - ok
15:28:56.0992 5912 wacmoumonitor (8724531219ae3f9e3729012b61dce527) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
15:28:56.0992 5912 wacmoumonitor - ok
15:28:57.0055 5912 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
15:28:57.0055 5912 wacommousefilter - ok
15:28:57.0133 5912 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:28:57.0133 5912 WacomPen - ok
15:28:57.0211 5912 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\Windows\system32\DRIVERS\wacomvhid.sys
15:28:57.0211 5912 wacomvhid - ok
15:28:57.0242 5912 WacomVTHid (6d95cb7cefe61b62472076187277edf6) C:\Windows\system32\DRIVERS\WacomVTHid.sys
15:28:57.0242 5912 WacomVTHid - ok
15:28:57.0304 5912 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:28:57.0304 5912 Wanarp - ok
15:28:57.0320 5912 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:28:57.0320 5912 Wanarpv6 - ok
15:28:57.0429 5912 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:28:57.0445 5912 wcncsvc - ok
15:28:57.0460 5912 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:28:57.0476 5912 WcsPlugInService - ok
15:28:57.0507 5912 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:28:57.0507 5912 Wd - ok
15:28:57.0538 5912 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:28:57.0554 5912 Wdf01000 - ok
15:28:57.0570 5912 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:28:57.0570 5912 WdiServiceHost - ok
15:28:57.0585 5912 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:28:57.0585 5912 WdiSystemHost - ok
15:28:57.0694 5912 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:28:57.0710 5912 WebClient - ok
15:28:57.0741 5912 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:28:57.0757 5912 Wecsvc - ok
15:28:57.0819 5912 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:28:57.0819 5912 wercplsupport - ok
15:28:57.0866 5912 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:28:57.0882 5912 WerSvc - ok
15:28:57.0975 5912 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:28:57.0975 5912 WinDefend - ok
15:28:57.0991 5912 WinHttpAutoProxySvc - ok
15:28:58.0084 5912 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:28:58.0084 5912 Winmgmt - ok
15:28:58.0194 5912 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:28:58.0209 5912 WinRM - ok
15:28:58.0318 5912 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:28:58.0334 5912 Wlansvc - ok
15:28:58.0521 5912 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:28:58.0552 5912 wlidsvc - ok
15:28:58.0740 5912 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
15:28:58.0740 5912 WmiAcpi - ok
15:28:58.0880 5912 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:28:58.0880 5912 wmiApSrv - ok
15:28:59.0036 5912 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:28:59.0052 5912 WMPNetworkSvc - ok
15:28:59.0098 5912 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:28:59.0114 5912 WPCSvc - ok
15:28:59.0161 5912 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:28:59.0161 5912 WPDBusEnum - ok
15:28:59.0270 5912 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:28:59.0286 5912 WpdUsb - ok
15:28:59.0504 5912 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:28:59.0520 5912 WPFFontCache_v0400 - ok
15:28:59.0551 5912 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:28:59.0551 5912 ws2ifsl - ok
15:28:59.0644 5912 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
15:28:59.0644 5912 wscsvc - ok
15:28:59.0660 5912 WSearch - ok
15:28:59.0738 5912 WTouchService (77a3988cf9b5848bcbc9fb6a79508a56) C:\Program Files\WTouch\WTouchService.exe
15:28:59.0738 5912 WTouchService - ok
15:28:59.0910 5912 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
15:28:59.0941 5912 wuauserv - ok
15:29:00.0144 5912 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:00.0159 5912 WUDFRd - ok
15:29:00.0190 5912 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:29:00.0190 5912 wudfsvc - ok
15:29:00.0222 5912 XDS560 (c8a4224c4002b34ccf4eef0ffe680efa) C:\Windows\system32\DRIVERS\xds560.sys
15:29:00.0222 5912 XDS560 - ok
15:29:00.0253 5912 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
15:29:01.0672 5912 \Device\Harddisk0\DR0 - ok
15:29:01.0672 5912 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:29:04.0761 5912 \Device\Harddisk1\DR1 - ok
15:29:04.0808 5912 Boot (0x1200) (aa60a77d02a6144406e28e7489d2c663) \Device\Harddisk0\DR0\Partition0
15:29:04.0808 5912 \Device\Harddisk0\DR0\Partition0 - ok
15:29:04.0808 5912 Boot (0x1200) (9b0a1f13b38a227ee71a2e9e4ac3ea35) \Device\Harddisk1\DR1\Partition0
15:29:04.0808 5912 \Device\Harddisk1\DR1\Partition0 - ok
15:29:04.0824 5912 ============================================================
15:29:04.0824 5912 Scan finished
15:29:04.0824 5912 ============================================================
15:29:04.0839 5904 Detected object count: 1
15:29:04.0839 5904 Actual detected object count: 1
15:30:27.0223 5904 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:30:27.0223 5904 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:30:36.0676 5776 Deinitialize success

#9 CatByte (Malware Response Team)

Posted 13 August 2012 - 04:50 PM

Looking better.

Please run the following:

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
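The Farbar Service Scanner step above reports on a specific kind of damage: a service whose Start value has been deleted, whose start type has been changed from its default, or whose ImagePath or ServiceDll no longer points where it should. As an added example, not part of the original post and not FSS's own code, the following PowerShell performs that check by hand on the services FSS covers here (BITS and wuauserv for Windows Update, WinDefend for Windows Defender, wscsvc for Security Center, MpsSvc for Windows Firewall) and also flags the case where the service key itself is gone, which Windows reports as error 0x80070424 (ERROR_SERVICE_DOES_NOT_EXIST). The service names, registry paths and value names are the real ones; the expected start types and DLL file names in the `$expected` table are assumptions for Windows Vista SP2 x86 and should be confirmed against a known-good machine of the same version.

```powershell
# Added example (not FSS's own code): audit the registry configuration of the
# Windows services that Farbar Service Scanner reports on, and print findings in
# the same spirit as its log. Expected values are ASSUMPTIONS for Vista SP2 x86.
# Run from an elevated PowerShell (2.0 or later).

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Start: 2 = Auto, 3 = Demand (Manual), 4 = Disabled.
# Delayed = $true means "Automatic (Delayed Start)", stored as DelayedAutostart = 1.
# ServiceDll is compared by file name only, after environment variables are expanded.
$expected = @{
    'BITS'      = @{ Start = 2; Delayed = $true;  ServiceDll = 'qmgr.dll'    }  # Background Intelligent Transfer
    'wuauserv'  = @{ Start = 2; Delayed = $true;  ServiceDll = 'wuaueng.dll' }  # Windows Update
    'WinDefend' = @{ Start = 2; Delayed = $false; ServiceDll = 'mpsvc.dll'   }  # Windows Defender
    'wscsvc'    = @{ Start = 2; Delayed = $true;  ServiceDll = 'wscsvc.dll'  }  # Security Center
    'MpsSvc'    = @{ Start = 2; Delayed = $false; ServiceDll = 'mpssvc.dll'  }  # Windows Firewall
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when either the key or the value is missing; both are findings.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-ServiceConfig([string]$Name, [hashtable]$Want) {
    $key = Join-Path $servicesRoot $Name
    $findings = @()

    # A deleted service key is what Windows reports as 0x80070424 (ERROR_SERVICE_DOES_NOT_EXIST).
    if (-not (Test-Path $key)) {
        $findings += 'ATTENTION! Service key is missing; the service does not exist.'
        return New-Object PSObject -Property @{ Service = $Name; Findings = $findings }
    }

    $start = Get-RegValue $key 'Start'
    if ($null -eq $start) {
        $findings += 'ATTENTION! Unable to retrieve start type. The value does not exist.'
    } elseif ($start -ne $Want.Start) {
        $findings += "ATTENTION! Start type is $start; expected $($Want.Start)."
    }
    if ($Want.Delayed -and ((Get-RegValue $key 'DelayedAutostart') -ne 1)) {
        $findings += 'DelayedAutostart is not set; expected Automatic (Delayed Start).'
    }

    $image = Get-RegValue $key 'ImagePath'
    if ($null -eq $image) {
        $findings += 'ATTENTION! ImagePath is missing.'
    } elseif ($image -notmatch '(?i)\\svchost\.exe\s+-k\s+\S+') {
        # All five services are svchost-hosted; any other host binary is a hijack.
        $findings += "ATTENTION! ImagePath is unexpected: $image"
    }

    $dll = Get-RegValue (Join-Path $key 'Parameters') 'ServiceDll'
    if ($null -eq $dll) {
        $findings += 'ATTENTION! ServiceDll is missing.'
    } else {
        $dllPath = [Environment]::ExpandEnvironmentVariables($dll)
        if ([IO.Path]::GetFileName($dllPath) -ine $Want.ServiceDll) {
            $findings += "ATTENTION! ServiceDll points at an unexpected file: $dll"
        } elseif (-not (Test-Path $dllPath)) {
            $findings += "ATTENTION! ServiceDll file is missing on disk: $dllPath"
        }
    }

    # Configuration can be intact while the service is still stopped; report that too.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -ne 'Running') {
        $findings += "Service is not running (status: $($svc.Status))."
    }

    New-Object PSObject -Property @{ Service = $Name; Findings = $findings }
}

foreach ($name in ($expected.Keys | Sort-Object)) {
    $result = Test-ServiceConfig $name $expected[$name]
    if (@($result.Findings).Count -eq 0) {
        "$($result.Service): OK"
    } else {
        "$($result.Service):"
        @($result.Findings) | ForEach-Object { "  $_" }
    }
}
```

Each line beginning with ATTENTION! corresponds to the kind of line FSS prints; a missing Start value, a Demand start type on a service that defaults to Auto, and a ServiceDll that has been redirected or deleted are all separate findings, so the output tells you which of the three the cleanup has to restore. The check is read-only; repairing the service entries is a separate step.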


#10 SquidyTheSquid (Topic Starter)

Posted 14 August 2012 - 12:29 AM

Thank you so much for your continued help. It means a lot!
Here are both logs. My computer is acting fine. Firewall is on, Security Essentials is off (I don't want to start that until the virus is gone, though), and I was able to turn Defender back on (I haven't updated it yet).

ESETSCAN results:

C:\FRST\Quarantine\services.exe Win32/Sirefef.FB.Gen trojan
C:\Users\buzz\Desktop\RK_Quarantine\80000000.@.vir a variant of Win32/Sirefef.FA trojan
C:\Users\buzz\Desktop\RK_Quarantine\800000cb.@.vir probably a variant of Win32/Agent.TEO trojan
C:\Users\buzz\Desktop\RK_Quarantine\n.vir Win32/Sirefef.EV trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHRRWEST\firstload_com[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUTRBKCM\jquery.lazyload.min[1].js JS/Agent.NGM trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZCD83SX\mx_nan_a[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZCD83SX\mx_nan_a[2].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WW74IBHL\mx_nan_a[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YZRRPAP3\mx_nan_a[1].htm HTML/Iframe.B.Gen virus

FSS results:

Farbar Service Scanner Version: 06-08-2012
Ran by buzz (administrator) on 13-08-2012 at 22:50:08
Running from "C:\Users\buzz\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:25 AM

Posted 14 August 2012 - 07:47 AM

Your BITS registry key is missing; we need to replace it.

Please download the attached reg fix and extract it to your desktop, right click it and choose to merge it into your registry

(then delete the file, as you won't need it again).





NEXT


Your Java is out of date, so go to Start > Control Panel > Programs and Features, scroll down to the Java installation and remove it. Now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

See if MS Security Essentials works properly (you may have to uninstall then re-install it; this infection is known to corrupt it). When you enable it again, it will disable Defender automatically, as it contains the same components.

Delete all your browsing history to remove the detections by ESET (the rest of the items are in quarantine)


Let me know if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
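The service-configuration checks that FSS reported in the log above (start type, ImagePath, ServiceDll, and the DisableAntiSpyware policy) can be reproduced with a short read-only PowerShell script, so the state of a machine can be reviewed before and after a fix without a third-party tool. This is an added example, not part of the thread or of Farbar's tool; the expected start types in the table are assumptions for Vista and should be confirmed against a known-clean machine.

```powershell
# Added example (not from the thread or from Farbar Service Scanner): read-only
# re-implementation of the FSS service checks, run from an elevated PowerShell.
$services = @{
    # Expected defaults are assumed here for Windows Vista; verify on a clean system.
    'BITS'      = 'Auto'
    'WinDefend' = 'Auto'
    'wuauserv'  = 'Auto'
    'wscsvc'    = 'Auto'
    'MpsSvc'    = 'Auto'
}
# Meaning of the Start value stored under each service key.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Test-ServiceConfig {
    param([string]$Name, [string]$ExpectedStart)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) {
        "ATTENTION! $Name service key is missing."      # whole key deleted
        return
    }
    $props = Get-ItemProperty -Path $key
    if ($null -eq $props.Start) {
        # The BITS finding in the FSS log: key present, Start value removed.
        "ATTENTION! Unable to retrieve start type of $Name. The value does not exist."
    } else {
        $start = $startNames[[int]$props.Start]
        if ($start -ne $ExpectedStart) { "$Name start type is $start; default is $ExpectedStart." }
        else { "$Name start type is OK ($start)." }
    }
    if (-not $props.ImagePath) { "ATTENTION! $Name has no ImagePath." }
    else { "$Name ImagePath: $($props.ImagePath)" }
    # svchost-hosted services keep the DLL they load under Parameters\ServiceDll.
    $paramsKey = Join-Path $key 'Parameters'
    if (Test-Path $paramsKey) {
        $dll = (Get-ItemProperty -Path $paramsKey).ServiceDll
        if ($dll) { "$Name ServiceDll: $dll" }
    }
}

foreach ($svc in $services.Keys) { Test-ServiceConfig -Name $svc -ExpectedStart $services[$svc] }

# Registry locations where DisableAntiSpyware=1 turns Windows Defender off;
# the first is the one FSS flagged in the log above.
foreach ($policy in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
    if (Test-Path $policy) {
        $v = (Get-ItemProperty -Path $policy).DisableAntiSpyware
        if ($v -eq 1) { "ATTENTION! DisableAntiSpyware=1 under $policy" }
    }
}
```

A mismatch here only tells you that a value differs from the assumed default; compare the ImagePath and ServiceDll against a clean machine of the same Windows version before changing anything.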


#12 SquidyTheSquid

SquidyTheSquid
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:25 PM

Posted 14 August 2012 - 11:00 PM

I downloaded java, adobe, updated firefox while I was at it, deleted all my history on my web browsers, and got Security Essentials running again. However, it says it fails to update virus and spyware definitions due to an internet or network connectivity problem. I am connected to the internet though. :(
Thanks.

#13 SquidyTheSquid

SquidyTheSquid
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:25 PM

Posted 14 August 2012 - 11:17 PM

Never mind, I got MSE updated. :) Defender is off like you said, but everything else is working great! Seriously, thanks a bunch!

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:25 AM

Posted 15 August 2012 - 07:37 AM

We just have some housekeeping to do now.

Please do the following:


You can delete the DDS and all the Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 SquidyTheSquid

SquidyTheSquid
  • Topic Starter

  • Members
  • 11 posts
  • Local time:10:25 PM

Posted 17 August 2012 - 02:22 AM

Thanks again for your help! My computer is running smoothly again! Thanks for the tips on keeping my computer virus free too. Definitely going to implement those.



