no executables can be used after laptop connects to internet


  • This topic is locked
11 replies to this topic

#1 idrizmiftari

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:04 PM

Posted 07 September 2012 - 11:11 PM

Friend's Pavilion laptop with XP Pro will not respond after it connects to its wireless connection.
I can move around and explore the computer but no exe can be run. Can't use task manager, can't use run command,
the hourglass comes up for 4 seconds and then disappears for any action. If I hit the button for the wireless
to turn it off and hard reset the laptop I can use the computer just fine. If I hit the wireless button it breaks it again.
Interestingly when I installed superantispyware I could use internet albeit the program itself was maxing out my resources
slowing it to a crawl.

I tried using MBAM, SUPERAntiSpyware, ComboFix, AVG, Spybot, ESET, and then signed up here and decided to post. Unfortunately I ran ComboFix
before reading the instructions, my mistake. I did run and get logs for DDS, MBAM and GMER.

Here is the DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by user at 22:20:17 on 2012-09-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1180 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340327504750
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B6BFA39F-17F9-41A2-99E0-BA7D0A775FDA} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\jsre6m01.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6ee77e80-2396-4b4c-ad6d-a21fc013a069%7D&mid=a0d6deaad9d347d688e6d15de3f46244-af1d7a226d93e0ab954b76cffb147727f3afd74d&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-06%2023%3A24%3A16&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2010-10-28 192896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-10-25 167264]
.
=============== Created Last 30 ================
.
2012-09-08 00:35:20 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
2012-09-08 00:32:54 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2012-09-07 05:18:22 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 05:12:05 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-07 02:20:07 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2012-06-20 05:29:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-20 05:29:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9160821A rev.3.ALD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x894E44B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x894eb93c]; MOV EAX, [0x894ebab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x89A3FAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\00000072[0x89A6F9E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> [0x89A83D98]
\Driver\atapi[0x896F9928] -> IRP_MJ_CREATE -> 0x894E44B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x894E42E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:22:08.40 ===============


GMER log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-07 23:29:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST9160821A rev.3.ALD
Running: tdpd5p8z.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\afqdiaog.sys


---- Kernel code sections - GMER 1.0.15 ----

? netid.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9529DBF]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3CB4
.text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A4457
.text C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A44B8
.text C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A4528
.text C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A455B
.text C:\WINDOWS\System32\svchost.exe[1060] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1060] ole32.dll!CoCreateInstance 774FF1BC 2 Bytes JMP 001A46C1
.text C:\WINDOWS\System32\svchost.exe[1060] ole32.dll!CoCreateInstance + 3 774FF1BF 2 Bytes [CA, 88]
.text C:\WINDOWS\System32\svchost.exe[1060] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 001A4697
.text C:\WINDOWS\System32\svchost.exe[1060] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A43B9

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 894DF2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 894DF2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 894DF2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 894DF2E2

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
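The ROOTKIT section of the DDS report above is what the "possible TDL3 rootkit infection" warning rests on: the disk I/O call chain ends in code GMER cannot attribute to any loaded module (`>>UNKNOWN [0x894E44B1]<<`), the atapi driver's IRP_MJ_CREATE handler points at that same bare address, and atapi's DriverStartIo has been redirected to another bare address. The following Python script is an added example, not part of the original post and not code from the DDS or GMER tools: it parses those line shapes, correlates hook targets with the unattributed address, and returns a verdict an analyst can act on. The first sample reuses the lines from the log above; the clean sample is constructed. All function and field names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Line shapes that appear in the "ROOTKIT" section of a DDS/GMER report.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
IRP_RE = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9A-Fa-f]+\]\s*->\s*(IRP_MJ_\w+)\s*->\s*(0x[0-9A-Fa-f]+)$"
)
DRIVER_FIELD_RE = re.compile(r"^(\\Driver\\\S+)\s+(Driver\w+)\s*->\s*(0x[0-9A-Fa-f]+)$")
READ_ERROR_RE = re.compile(r"^error:\s*(.+)$")
WARNING_RE = re.compile(r"^Warning:\s*(.+?)\s*!?$")

# Structural findings that justify a "suspicious" verdict on their own.
STRUCTURAL = {"unknown_code_in_io_path", "irp_dispatch_redirected", "driver_object_hooked"}


@dataclass
class Finding:
    kind: str                   # short machine-readable label
    detail: str                 # what the line shows, for the analyst
    address: str = ""           # kernel address the line points at, lower-cased
    corroborated: bool = False  # True when that address is also the UNKNOWN code


def triage_rootkit_section(text: str) -> list[Finding]:
    """Parse one rootkit section and return its findings in log order."""
    findings: list[Finding] = []
    unknown_addrs: set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := UNKNOWN_RE.search(line):
            addr = m.group(1).lower()
            unknown_addrs.add(addr)
            findings.append(Finding(
                "unknown_code_in_io_path",
                "disk I/O call chain passes through code owned by no loaded module", addr))
        elif m := IRP_RE.match(line):
            drv, irp, addr = m.groups()
            findings.append(Finding(
                "irp_dispatch_redirected",
                f"{drv} {irp} handler is a bare address with no module name", addr.lower()))
        elif m := DRIVER_FIELD_RE.match(line):
            drv, field, addr = m.groups()
            findings.append(Finding(
                "driver_object_hooked",
                f"{drv} {field} resolves to a bare address with no module name", addr.lower()))
        elif m := READ_ERROR_RE.match(line):
            findings.append(Finding("raw_read_error", m.group(1)))
        elif m := WARNING_RE.match(line):
            findings.append(Finding("tool_warning", m.group(1)))
    # Second pass: a hook whose target is the very code GMER could not attribute
    # to a module is stronger evidence than either line on its own.
    for f in findings:
        if f.kind != "unknown_code_in_io_path" and f.address in unknown_addrs:
            f.corroborated = True
    return findings


def verdict(findings: list[Finding]) -> str:
    """'suspicious' when any structural finding is present, else 'clean'."""
    return "suspicious" if any(f.kind in STRUCTURAL for f in findings) else "clean"


# Sample input: the disk-trace and hook lines from the DDS report quoted in the
# thread (the _asm dumps are left out; the parser ignores them anyway).
THREAD_SAMPLE = r"""
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x894E44B1]<<
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x89A3FAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\00000072[0x89A6F9E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> [0x89A83D98]
\Driver\atapi[0x896F9928] -> IRP_MJ_CREATE -> 0x894E44B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x894E42E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Constructed clean sample: every module in the call chain is named and the
# hook list is empty.
CLEAN_SAMPLE = r"""
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x89A3FAB8]
kernel: MBR read successfully
detected disk devices:
detected hooks:
user & kernel MBR OK
"""

if __name__ == "__main__":
    for name, sample in (("thread", THREAD_SAMPLE), ("clean", CLEAN_SAMPLE)):
        fs = triage_rootkit_section(sample)
        print(f"{name}: {verdict(fs)}")
        for f in fs:
            flag = " (matches UNKNOWN code)" if f.corroborated else ""
            print(f"  [{f.kind}] {f.detail} {f.address}{flag}".rstrip())
```

Run on the thread's lines the script reports "suspicious" and marks the IRP_MJ_CREATE finding as corroborated, because its target 0x894E44B1 is exactly the address GMER flagged as UNKNOWN; the DriverStartIo hook at 0x894E42E2 is reported but not corroborated by that line. Treat the verdict as a triage lead rather than a final answer: a legitimate third-party disk filter can also sit in this path, so the next step is the kind of dedicated MBR/driver scan the helper in this thread asks for (TDSSKiller, aswMBR), not deletion on the strength of the parse alone.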

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:04 PM

Posted 08 September 2012 - 12:19 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 idrizmiftari (Topic Starter)

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:04 PM

Posted 08 September 2012 - 01:09 AM

No problems so far. Here is the SecurityCheck log. The combo log was too long to copy/paste so I attached.

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Companion 2.4.6.4
Java™ 6 Update 22
Java 7 Update 7
Adobe Flash Player 11.3.300.257
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:04 PM

Posted 08 September 2012 - 01:52 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 idrizmiftari (Topic Starter)

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:04 PM

Posted 08 September 2012 - 10:01 AM

Here are the TDS and aswMBR logs. Seeing as TDS killed something and aswMBR needed to update
their definitions I turned on the wireless after TDS and it didn't lock up. AswMBR did not have
a scan complete line, just stayed on documents and settings\user, so I saved a log anyways.

10:32:55.0953 0520 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:32:55.0968 0520 ============================================================
10:32:55.0968 0520 Current date / time: 2012/09/08 10:32:55.0968
10:32:55.0968 0520 SystemInfo:
10:32:55.0968 0520
10:32:55.0968 0520 OS Version: 5.1.2600 ServicePack: 3.0
10:32:55.0968 0520 Product type: Workstation
10:32:55.0968 0520 ComputerName: USER-AA3DE5DE87
10:32:55.0968 0520 UserName: user
10:32:55.0968 0520 Windows directory: C:\WINDOWS
10:32:55.0968 0520 System windows directory: C:\WINDOWS
10:32:55.0968 0520 Processor architecture: Intel x86
10:32:55.0968 0520 Number of processors: 1
10:32:55.0968 0520 Page size: 0x1000
10:32:55.0968 0520 Boot type: Normal boot
10:32:55.0968 0520 ============================================================
10:32:56.0984 0520 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:32:56.0984 0520 ============================================================
10:32:56.0984 0520 \Device\Harddisk0\DR0:
10:32:56.0984 0520 MBR partitions:
10:32:56.0984 0520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
10:32:56.0984 0520 ============================================================
10:32:57.0046 0520 C: <-> \Device\Harddisk0\DR0\Partition1
10:32:57.0046 0520 ============================================================
10:32:57.0046 0520 Initialize success
10:32:57.0046 0520 ============================================================
10:33:12.0078 0352 ============================================================
10:33:12.0078 0352 Scan started
10:33:12.0078 0352 Mode: Manual;
10:33:12.0078 0352 ============================================================
10:33:12.0328 0352 ================ Scan system memory ========================
10:33:12.0328 0352 System memory - ok
10:33:12.0328 0352 ================ Scan services =============================
10:33:12.0468 0352 Abiosdsk - ok
10:33:12.0468 0352 abp480n5 - ok
10:33:12.0562 0352 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:33:12.0562 0352 ACPI - ok
10:33:12.0593 0352 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:33:12.0593 0352 ACPIEC - ok
10:33:12.0609 0352 adpu160m - ok
10:33:12.0671 0352 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:33:12.0671 0352 aec - ok
10:33:12.0734 0352 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:33:12.0734 0352 AFD - ok
10:33:12.0750 0352 Aha154x - ok
10:33:12.0765 0352 aic78u2 - ok
10:33:12.0781 0352 aic78xx - ok
10:33:12.0828 0352 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:33:12.0828 0352 Alerter - ok
10:33:12.0859 0352 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:33:12.0859 0352 ALG - ok
10:33:12.0875 0352 AliIde - ok
10:33:12.0937 0352 [ A2D5F093F9CB160C183C77015704F156 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:33:12.0937 0352 AmdK8 - ok
10:33:12.0953 0352 amsint - ok
10:33:13.0093 0352 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:33:13.0093 0352 Apple Mobile Device - ok
10:33:13.0140 0352 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:33:13.0140 0352 AppMgmt - ok
10:33:13.0171 0352 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:33:13.0171 0352 Arp1394 - ok
10:33:13.0187 0352 asc - ok
10:33:13.0203 0352 asc3350p - ok
10:33:13.0218 0352 asc3550 - ok
10:33:13.0437 0352 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:33:13.0453 0352 aspnet_state - ok
10:33:13.0468 0352 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:33:13.0468 0352 AsyncMac - ok
10:33:13.0515 0352 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:33:13.0531 0352 atapi - ok
10:33:13.0531 0352 Atdisk - ok
10:33:13.0609 0352 [ ABC57A6F6070BAF9786C318F59F29F0B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:33:13.0609 0352 Ati HotKey Poller - ok
10:33:13.0703 0352 [ 03621F7F968FF63713943405DEB777F9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:33:13.0718 0352 ati2mtag - ok
10:33:13.0734 0352 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:33:13.0734 0352 Atmarpc - ok
10:33:13.0781 0352 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:33:13.0781 0352 AudioSrv - ok
10:33:13.0843 0352 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:33:13.0843 0352 audstub - ok
10:33:13.0984 0352 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
10:33:13.0984 0352 AVG Security Toolbar Service - ok
10:33:14.0046 0352 [ D5F1AB1AAB8B81BCA6F19DA9554A267A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:33:14.0062 0352 BCM43XX - ok
10:33:14.0109 0352 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:33:14.0109 0352 Beep - ok
10:33:14.0187 0352 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:33:14.0187 0352 BITS - ok
10:33:14.0312 0352 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:33:14.0312 0352 Bonjour Service - ok
10:33:14.0375 0352 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
10:33:14.0375 0352 Browser - ok
10:33:14.0453 0352 [ 87B70DDF55A9072DDFA3448DFA6BE03C ] CAMCAUD C:\WINDOWS\system32\drivers\camcaud.sys
10:33:14.0453 0352 CAMCAUD - ok
10:33:14.0515 0352 [ 407CD35839A1FFFD7E28E0467F1CF4B8 ] CAMCHALA C:\WINDOWS\system32\drivers\camchal.sys
10:33:14.0515 0352 CAMCHALA - ok
10:33:14.0687 0352 catchme - ok
10:33:14.0718 0352 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:33:14.0718 0352 cbidf2k - ok
10:33:14.0734 0352 cd20xrnt - ok
10:33:14.0765 0352 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:33:14.0765 0352 Cdaudio - ok
10:33:14.0828 0352 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:33:14.0828 0352 Cdfs - ok
10:33:14.0890 0352 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:33:14.0890 0352 Cdrom - ok
10:33:14.0921 0352 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:33:14.0921 0352 CiSvc - ok
10:33:14.0953 0352 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:33:14.0953 0352 ClipSrv - ok
10:33:15.0218 0352 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:33:15.0218 0352 clr_optimization_v2.0.50727_32 - ok
10:33:15.0296 0352 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:33:15.0296 0352 clr_optimization_v4.0.30319_32 - ok
10:33:15.0359 0352 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:33:15.0375 0352 CmBatt - ok
10:33:15.0375 0352 CmdIde - ok
10:33:15.0406 0352 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:33:15.0406 0352 Compbatt - ok
10:33:15.0421 0352 COMSysApp - ok
10:33:15.0437 0352 Cpqarray - ok
10:33:15.0484 0352 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:33:15.0484 0352 CryptSvc - ok
10:33:15.0500 0352 dac2w2k - ok
10:33:15.0515 0352 dac960nt - ok
10:33:15.0593 0352 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:33:15.0609 0352 DcomLaunch - ok
10:33:15.0671 0352 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:33:15.0671 0352 Dhcp - ok
10:33:15.0687 0352 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:33:15.0687 0352 Disk - ok
10:33:15.0687 0352 dmadmin - ok
10:33:15.0765 0352 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:33:15.0765 0352 dmboot - ok
10:33:15.0812 0352 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:33:15.0812 0352 dmio - ok
10:33:15.0859 0352 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:33:15.0859 0352 dmload - ok
10:33:15.0890 0352 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:33:15.0890 0352 dmserver - ok
10:33:15.0953 0352 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:33:15.0953 0352 DMusic - ok
10:33:16.0015 0352 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:33:16.0015 0352 Dnscache - ok
10:33:16.0062 0352 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:33:16.0062 0352 Dot3svc - ok
10:33:16.0078 0352 dpti2o - ok
10:33:16.0093 0352 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:33:16.0093 0352 drmkaud - ok
10:33:16.0171 0352 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:33:16.0171 0352 EapHost - ok
10:33:16.0203 0352 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:33:16.0203 0352 ERSvc - ok
10:33:16.0265 0352 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
10:33:16.0265 0352 Eventlog - ok
10:33:16.0312 0352 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
10:33:16.0312 0352 EventSystem - ok
10:33:16.0375 0352 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:33:16.0375 0352 Fastfat - ok
10:33:16.0484 0352 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:33:16.0500 0352 FastUserSwitchingCompatibility - ok
10:33:16.0515 0352 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:33:16.0515 0352 Fdc - ok
10:33:16.0546 0352 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:33:16.0546 0352 Fips - ok
10:33:16.0546 0352 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:33:16.0546 0352 Flpydisk - ok
10:33:16.0625 0352 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:33:16.0640 0352 FltMgr - ok
10:33:16.0750 0352 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:33:16.0750 0352 FontCache3.0.0.0 - ok
10:33:16.0750 0352 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:33:16.0765 0352 Fs_Rec - ok
10:33:16.0781 0352 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:33:16.0781 0352 Ftdisk - ok
10:33:16.0828 0352 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:33:16.0828 0352 GEARAspiWDM - ok
10:33:25.0781 0352 ================ Scan global ===============================
10:33:25.0828 0352 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:33:25.0875 0352 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:33:25.0906 0352 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:33:25.0953 0352 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:33:25.0968 0352 [Global] - ok
10:33:25.0968 0352 ================ Scan MBR ==================================
10:33:26.0000 0352 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:33:26.0000 0352 Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:33:26.0015 0352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:33:26.0015 0352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:33:26.0031 0352 ================ Scan VBR ==================================
10:33:26.0031 0352 [ 0AC5F89C552C1E1A3EE2CE3C827DB0A4 ] \Device\Harddisk0\DR0\Partition1
10:33:26.0031 0352 \Device\Harddisk0\DR0\Partition1 - ok
10:33:26.0046 0352 ============================================================
10:33:26.0046 0352 Scan finished
10:33:26.0046 0352 ============================================================
10:33:26.0062 3720 Detected object count: 1
10:33:26.0062 3720 Actual detected object count: 1
10:33:42.0453 3720 \Device\Harddisk0\DR0\# - copied to quarantine
10:33:42.0453 3720 \Device\Harddisk0\DR0 - copied to quarantine
10:33:42.0546 3720 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:33:42.0562 3720 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:33:42.0562 3720 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:33:42.0578 3720 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:33:42.0578 3720 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:33:42.0578 3720 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:33:42.0578 3720 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:33:42.0578 3720 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:33:42.0578 3720 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:33:42.0781 3720 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:33:42.0781 3720 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:33:42.0781 3720 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:33:42.0796 3720 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:33:42.0828 3720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:33:42.0828 3720 \Device\Harddisk0\DR0 - ok
10:33:42.0828 3720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:33:48.0671 0380 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-08 10:38:30
-----------------------------
10:38:30.593 OS Version: Windows 5.1.2600 Service Pack 3
10:38:30.593 Number of processors: 1 586 0xF00
10:38:30.593 ComputerName: USER-AA3DE5DE87 UserName: user
10:38:31.031 Initialize success
10:47:27.453 AVAST engine defs: 12090800
10:49:32.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:49:32.562 Disk 0 Vendor: ST9160821A 3.ALD Size: 152627MB BusType: 3
10:49:32.593 Disk 0 MBR read successfully
10:49:32.593 Disk 0 MBR scan
10:49:32.656 Disk 0 Windows XP default MBR code
10:49:32.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
10:49:32.671 Disk 0 scanning sectors +312560640
10:49:32.765 Disk 0 scanning C:\WINDOWS\system32\drivers
10:49:43.359 Service scanning
10:50:02.109 Modules scanning
10:50:12.578 Disk 0 trace - called modules:
10:50:12.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:50:12.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89a34ab8]
10:50:13.125 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000073[0x89a77448]
10:50:13.125 5 ACPI.sys[b9f51620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89a37940]
10:50:13.859 AVAST engine scan C:\WINDOWS
10:50:28.343 AVAST engine scan C:\WINDOWS\system32
10:53:04.796 AVAST engine scan C:\WINDOWS\system32\drivers
10:53:19.484 AVAST engine scan C:\Documents and Settings\user
10:55:27.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
10:55:27.968 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"

#6 idrizmiftari (Topic Starter)

Posted 08 September 2012 - 10:13 AM

Sorry, I was impatient and aswMBR hung on one of the scans; it did complete. Here is the complete log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-08 10:38:30
-----------------------------
10:38:30.593 OS Version: Windows 5.1.2600 Service Pack 3
10:38:30.593 Number of processors: 1 586 0xF00
10:38:30.593 ComputerName: USER-AA3DE5DE87 UserName: user
10:38:31.031 Initialize success
10:47:27.453 AVAST engine defs: 12090800
10:49:32.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:49:32.562 Disk 0 Vendor: ST9160821A 3.ALD Size: 152627MB BusType: 3
10:49:32.593 Disk 0 MBR read successfully
10:49:32.593 Disk 0 MBR scan
10:49:32.656 Disk 0 Windows XP default MBR code
10:49:32.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
10:49:32.671 Disk 0 scanning sectors +312560640
10:49:32.765 Disk 0 scanning C:\WINDOWS\system32\drivers
10:49:43.359 Service scanning
10:50:02.109 Modules scanning
10:50:12.578 Disk 0 trace - called modules:
10:50:12.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:50:12.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89a34ab8]
10:50:13.125 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000073[0x89a77448]
10:50:13.125 5 ACPI.sys[b9f51620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89a37940]
10:50:13.859 AVAST engine scan C:\WINDOWS
10:50:28.343 AVAST engine scan C:\WINDOWS\system32
10:53:04.796 AVAST engine scan C:\WINDOWS\system32\drivers
10:53:19.484 AVAST engine scan C:\Documents and Settings\user
10:55:27.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
10:55:27.968 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
11:08:47.265 AVAST engine scan C:\Documents and Settings\All Users
11:09:18.968 Scan finished successfully
11:09:51.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
11:09:51.781 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 September 2012 - 11:30 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#8 idrizmiftari (Topic Starter)

Posted 08 September 2012 - 06:41 PM

Everything is running fine and unless the log shows otherwise I think you did it. Thank you so much.
Here is the combo log.

ComboFix 12-09-08.02 - user 09/08/2012 19:28:36.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1120 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 23:25 . 2012-09-08 23:25 -------- d-----w- c:\windows\LastGood
2012-09-08 14:33 . 2012-09-08 14:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-08 02:28 . 2012-09-08 02:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-08 02:28 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-08 00:35 . 2012-09-08 00:35 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Sun
2012-09-08 00:32 . 2012-09-08 00:32 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2012-09-07 05:34 . 2012-09-07 05:34 -------- d-----w- c:\program files\Microsoft.NET
2012-09-07 05:18 . 2012-09-07 05:18 -------- d-----w- c:\program files\Common Files\Java
2012-09-07 05:18 . 2012-09-07 05:17 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 05:17 . 2012-09-07 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-09-07 05:12 . 2012-09-07 05:12 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-07 02:20 . 2012-09-07 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-09-04 23:37 . 2012-09-04 23:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2012-08-10 15:05 . 2012-08-10 15:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 05:29 . 2012-06-20 05:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-20 05:29 . 2012-06-20 05:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 05:12 . 2012-06-06 22:48 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-08_05.51.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-11 04:58 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\update\spcustom.dll
- 2012-07-11 04:58 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\spmsg.dll
- 2012-08-17 15:17 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\98ba44a9c208ed8f29b83af1026daea1\update\spcustom.dll
- 2012-08-17 15:17 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\98ba44a9c208ed8f29b83af1026daea1\spmsg.dll
- 2012-07-11 04:57 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\update\spcustom.dll
- 2012-07-11 04:57 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\spmsg.dll
- 2012-08-17 15:16 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\4a0e4531b96faf560594eec84d879de6\update\spcustom.dll
- 2012-08-17 15:16 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\4a0e4531b96faf560594eec84d879de6\spmsg.dll
- 2012-07-11 04:58 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\update\spcustom.dll
- 2012-07-11 04:58 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\spmsg.dll
- 2012-06-12 19:37 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\spcustom.dll
- 2012-06-12 19:37 . 2012-05-05 03:16 16896 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\mpsyschk.dll
- 2012-06-12 19:37 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spmsg.dll
- 2012-07-11 04:58 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\update\updspapi.dll
- 2012-07-11 04:58 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\update\update.exe
- 2012-07-11 04:58 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\f361b4bac7097c011eed3107adbf0411\spuninst.exe
- 2012-08-17 15:17 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\98ba44a9c208ed8f29b83af1026daea1\update\updspapi.dll
- 2012-08-17 15:17 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\98ba44a9c208ed8f29b83af1026daea1\update\update.exe
- 2012-08-17 15:17 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\98ba44a9c208ed8f29b83af1026daea1\spuninst.exe
- 2012-07-11 04:57 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\update\updspapi.dll
- 2012-07-11 04:57 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\update\update.exe
- 2012-07-11 04:57 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\5166918af850719d0de1e5e59bad86c4\spuninst.exe
- 2012-08-17 15:16 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\4a0e4531b96faf560594eec84d879de6\update\updspapi.dll
- 2012-08-17 15:16 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\4a0e4531b96faf560594eec84d879de6\update\update.exe
- 2012-08-17 15:16 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\4a0e4531b96faf560594eec84d879de6\spuninst.exe
- 2012-07-11 04:58 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\update\updspapi.dll
- 2012-07-11 04:58 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\update\update.exe
- 2012-07-11 04:58 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\2b1811e24bead4a9f2af4d8ed16bdab7\spuninst.exe
- 2012-06-12 19:37 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\updspapi.dll
- 2012-06-12 19:37 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\update.exe
- 2012-06-12 19:37 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2010-11-21 00:17 283792 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-11-05 17:52 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2007-10-19 17:28 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"vToolbarUpdater11.1.0"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"hpqwmiex"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/28/2010 11:12 PM 192896]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [10/25/2011 12:40 PM 167264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 02022759
*NewlyCreated* - 16906005
*NewlyCreated* - ASWMBR
*Deregistered* - 02022759
*Deregistered* - 16906005
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\jsre6m01.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6ee77e80-2396-4b4c-ad6d-a21fc013a069%7D&mid=a0d6deaad9d347d688e6d15de3f46244-af1d7a226d93e0ab954b76cffb147727f3afd74d&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-06%2023%3A24%3A16&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-16906005.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-08 19:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1772)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-09-08 19:36:50
ComboFix-quarantined-files.txt 2012-09-08 23:36
ComboFix2.txt 2012-09-08 05:56
ComboFix3.txt 2012-09-07 03:58
ComboFix4.txt 2012-06-22 00:13
.
Pre-Run: 118,407,872,512 bytes free
Post-Run: 118,533,431,296 bytes free
.
- - End Of File - - 1355988C34B420CA7C10B67AFD443DC4

#9 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 September 2012 - 11:11 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

FrostWire 4.21.3


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
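The ComboFix log in post #8 carries the three indicators this reply acts on: the standard-profile Windows Firewall switched off ("EnableFirewall"= 0), a P2P client (FrostWire.exe) sitting in the firewall's AuthorizedApplications list, and a Firefox keyword.URL that no longer points at the configured Google homepage. The script below is an added example, not code from this thread, from ComboFix or from BleepingComputer: it parses the bracketed "Reg Loading Points" keys and the "FF - prefs.js:" lines from a constructed sample modelled on the log above and returns those findings. The P2P executable list and the known-good search hosts are assumptions for the example. One caveat a responder keeps in mind: with a third-party suite such as AVG Internet Security managing the firewall (as the log header shows), the Windows Firewall being off is expected rather than a finding on its own, so treat that line as context to confirm, not as proof of tampering.

```python
"""Triage a ComboFix-style 'Reg Loading Points' / 'Supplementary Scan' dump.

Added example, not part of the thread or of ComboFix. Walks the bracketed
registry key headers and the "name"=value lines beneath them and flags the
findings a responder checks first: the Windows Firewall off, peer-to-peer
clients whitelisted through it, and a redirected Firefox keyword.URL.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on the log posted above (paths shortened).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6ee77e80%7D&q=
FF - prefs.js: network.proxy.type - 0
"""

# Assumed list of P2P client executables (example data, extend as needed).
P2P_EXES = {"frostwire.exe", "limewire.exe", "utorrent.exe", "bittorrent.exe",
            "emule.exe", "bearshare.exe", "ares.exe", "vuze.exe"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")


def parse_reg_points(text):
    """Return {key_path: {value_name: value_data}} for the bracketed sections."""
    keys = defaultdict(dict)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("value").strip()
    return dict(keys)


def parse_ff_prefs(text):
    """Return {pref_name: value} from the 'FF - prefs.js:' lines."""
    prefs = {}
    for raw in text.splitlines():
        m = FF_PREF_RE.match(raw.strip())
        if m:
            prefs[m.group("pref")] = m.group("value").strip()
    return prefs


def triage(text, known_good_search_hosts=("www.google.com", "google.com")):
    """Return a list of (severity, message) findings, in log order."""
    findings = []
    keys = parse_reg_points(text)

    for key, values in keys.items():
        lower = key.lower()
        # firewallpolicy\<profile> holds EnableFirewall; 0 means the host firewall is off.
        if lower.endswith(("firewallpolicy\\standardprofile", "firewallpolicy\\domainprofile")):
            if values.get("EnableFirewall", "").startswith("0"):
                findings.append(("high", f"Windows Firewall disabled: {key}"))
        # AuthorizedApplications\List: each value *name* is an allowed executable path.
        if lower.endswith("authorizedapplications\\list"):
            for path in values:
                exe = path.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()
                if exe in P2P_EXES:
                    findings.append(("medium", f"P2P client allowed through firewall: {exe}"))

    url = parse_ff_prefs(text).get("keyword.URL", "")
    if url:
        # ComboFix defangs http as hxxp; drop the scheme and keep the host.
        host = re.sub(r"^hxxps?://|^https?://", "", url).split("/", 1)[0].lower()
        if host not in known_good_search_hosts:
            findings.append(("low", f"Firefox keyword.URL points at {host}"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()`; the value-name handling matters because in the AuthorizedApplications key the executable path is the value name and the data is empty, which is why the parser keys on names there rather than on data.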

#10 idrizmiftari (Topic Starter)

  • Members
  • 6 posts

Posted 09 September 2012 - 01:43 PM

Sorry my friend took the laptop back. I'll see if I can scare him into giving it back.
Everything seemed to be in order. I told him already about not using frostwire, I had
cleaned his computer before and uninstalled it then, but he re-installed. Thank you
again for helping and I'll see if I can get those logs for you.

#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 September 2012 - 02:03 PM

thank you for letting me know



gringo

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 September 2012 - 11:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.