Trojan:Win32/Sirefef.AB


  • This topic is locked
26 replies to this topic

#1 blahblah21

Posted 18 October 2012 - 04:03 PM

Ahhh, this virus is on my husband's computer and I have no idea how to get rid of it. MSE keeps finding the virus and asking me to restart to complete removal, but then it pops up again after the restart. I had my Windows Update on automatic updates, but that's been disabled, and I can't even access the Windows Update page (it redirects me to) to manually download updates. Tried MS malware removal tool, but didn't work (I didn't download until after the infection, though, which I now realize is a big no-no :-/ )

Running Windows XP

I'd really really appreciate any help!! Thanks! Currently posting from (my) uninfected laptop

Edited by blahblah21, 18 October 2012 - 04:04 PM.



 


#2 gringo_pr

  • Malware Response Team

Posted 18 October 2012 - 06:00 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following:
    • both reports from DDS
    • report from Security Check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 20 October 2012 - 11:46 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 blahblah21

Posted 21 October 2012 - 03:10 PM

First DDS report

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Habib Khan at 12:59:38 on 2012-10-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1265 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Users\Habib Khan\Desktop\Defogger.exe
C:\Users\Habib Khan\Desktop\SecurityCheck.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\habib khan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CAC911AD-C580-413A-844A-F541525412F1} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\habib khan\appdata\roaming\mozilla\firefox\profiles\2k794bcb.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=___userid___&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\habib khan\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\habib khan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\habib khan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-09-16 14:45; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2009-09-02 01:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-30 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-7-13 141792]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-13 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-12 15232]
S1 njqpetoq;njqpetoq;c:\windows\system32\drivers\njqpetoq.sys [2012-10-21 43600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-4 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-12 2152720]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-4 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 114144]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-21 19:44:06 43600 ----a-w- c:\windows\system32\drivers\njqpetoq.sys
2012-10-21 19:42:59 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{43479b01-ee60-49d3-b67a-7b80053b9108}\offreg.dll
2012-10-21 19:32:29 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{43479b01-ee60-49d3-b67a-7b80053b9108}\mpengine.dll
2012-10-13 00:12:41 -------- d-----w- c:\users\habib khan\appdata\roaming\LavasoftStatistics
2012-10-13 00:11:20 -------- d-----w- c:\users\habib khan\appdata\roaming\Ad-Aware Antivirus
2012-10-10 02:36:32 -------- d-----w- c:\windows\Temp2B1D9B34-E256-A2E0-028A-54D26F7F1773-Signatures
.
==================== Find3M ====================
.
2012-10-21 19:44:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-21 19:44:14 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 02:31:30 4096000 ----a-w- c:\program files\GUTB0E9.tmp
2012-08-29 03:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 03:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:01:44.12 ===============

#5 blahblah21

Posted 21 October 2012 - 03:11 PM

Second DDS report

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/5/2008 5:54:31 AM
System Uptime: 10/21/2012 12:24:43 PM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 190.002 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.817 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP630: 9/19/2012 8:57:53 PM - Scheduled Checkpoint
RP631: 9/20/2012 8:40:08 PM - Scheduled Checkpoint
RP632: 9/24/2012 2:33:54 PM - Scheduled Checkpoint
RP633: 9/28/2012 5:49:03 PM - Scheduled Checkpoint
RP634: 10/9/2012 8:05:26 PM - Restore Operation
RP635: 10/12/2012 5:13:26 PM - Removed Bonjour
RP636: 10/12/2012 5:17:07 PM - Removed LightScribe System Software 1.14.17.1.
RP637: 10/12/2012 5:21:40 PM - Removed muvee Reveal
RP639: 10/12/2012 5:24:26 PM - Configured Power2Go
RP641: 10/12/2012 5:27:19 PM - Configured PowerDirector
RP642: 10/12/2012 5:35:58 PM - Removed NetZero Preloader
RP644: 10/12/2012 5:44:19 PM - Configured PowerStarter
RP646: 10/12/2012 5:48:39 PM - Configured YouCam
RP647: 10/12/2012 5:50:44 PM - Removed Google Talk Plugin
RP648: 10/12/2012 5:54:08 PM - Removed Google Earth Plug-in.
RP650: 10/12/2012 5:57:36 PM - Removed HP Customer Experience Enhancements
RP651: 10/12/2012 5:58:25 PM - Removed HP Active Support Library.
RP652: 10/12/2012 6:00:57 PM - Removed HP Deskjet 3050 J610 series Product Improvement Study
RP653: 10/12/2012 6:01:20 PM - Removed HP Deskjet 3050 J610 series Product Improvement Study
RP654: 10/12/2012 6:02:53 PM - Removed HP Total Care Advisor
RP656: 10/12/2012 6:05:14 PM - Removed HPTCSSetup
RP657: 10/12/2012 6:07:32 PM - Removed Juno Preloader
RP659: 10/12/2012 6:09:50 PM - Configured LabelPrint
RP660: 10/12/2012 6:11:31 PM - Removed Microsoft Live Search Toolbar
RP662: 10/12/2012 6:14:10 PM - Removed NetWaiting
RP664: 10/12/2012 6:15:21 PM - Removed NetWaiting
RP666: 10/12/2012 6:19:20 PM - Removed Realtek USB 2.0 Card Reader
RP667: 10/12/2012 6:19:57 PM - Removed Microsoft Silverlight
RP668: 10/13/2012 12:11:57 PM - Scheduled Checkpoint
RP669: 10/15/2012 8:28:54 PM - Scheduled Checkpoint
RP670: 10/16/2012 10:04:53 PM - Device Driver Package Install: Synaptics Mice and other pointing devices
RP671: 10/18/2012 7:54:50 AM - Scheduled Checkpoint
RP672: 10/21/2012 12:02:32 PM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Ad-Aware
Ad-Aware Security Toolbar
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcGIS Desktop Evaluation Edition
Atheros Driver Installation Program
ATT-RC Self Support Tool
Bonjour
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink YouCam
Dropbox
ESU for Microsoft Vista
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Photo Creations
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPNetworkAssistant
HPTCSSetup
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 35
Java™ 6 Update 7
Juno Preloader
K-Lite Codec Pack 7.0.0 (Standard)
LabelPrint
LightScribe System Software 1.14.17.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
Norton Internet Security
Power2Go
PowerDirector
Python 2.5 numpy-1.0.3
Python 2.5.1
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Spelling Dictionaries Support For Adobe Reader 9
SPORE Creature Creator Trial Edition
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Viewpoint Media Player
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
10/21/2012 12:28:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
10/21/2012 12:28:48 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/21/2012 12:27:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/21/2012 12:25:53 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/21/2012 12:25:53 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/21/2012 12:25:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/21/2012 12:25:53 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/21/2012 12:25:35 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
10/21/2012 12:25:33 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.135.1334.0;1.135.1334.0 Engine version: 1.1.8704.0
10/21/2012 12:25:32 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.135.1334.0;1.135.1334.0 Engine version: 1.1.8704.0
10/21/2012 10:12:26 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.43.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/20/2012 10:40:36 AM, Error: EventLog [6008] - The previous system shutdown at 10:38:19 AM on 10/20/2012 was unexpected.
10/20/2012 10:31:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.43.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/18/2012 3:26:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.43.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
10/18/2012 3:26:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.43.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
10/18/2012 3:26:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.43.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
10/18/2012 3:26:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.43.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
10/18/2012 3:26:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.43.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
10/18/2012 3:18:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/18/2012 3:17:08 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.137.317.0;1.137.317.0 Engine version: 1.1.8800.0
10/18/2012 3:17:07 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.137.317.0;1.137.317.0 Engine version: 1.1.8800.0
10/18/2012 2:52:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/18/2012 2:52:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2012 2:52:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/18/2012 2:52:23 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
10/18/2012 2:52:11 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
10/18/2012 2:52:11 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 2:45:11 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.137.1839.0;1.137.1839.0 Engine version: 1.1.8800.0
10/18/2012 2:39:40 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80004004 Error description: Operation aborted
10/18/2012 2:39:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80004004 Error description: Operation aborted
10/18/2012 2:39:28 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/18/2012 2:39:28 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/18/2012 2:38:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/18/2012 2:05:44 AM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
10/18/2012 2:05:44 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
10/18/2012 2:05:44 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
10/18/2012 2:05:44 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
10/18/2012 2:05:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/18/2012 2:05:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/18/2012 2:04:38 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/18/2012 1:40:04 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
10/18/2012 1:40:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
10/18/2012 1:39:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/18/2012 1:39:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/18/2012 1:39:29 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/17/2012 9:51:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/17/2012 9:51:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/17/2012 9:51:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
10/17/2012 8:05:40 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
10/17/2012 8:05:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
10/17/2012 8:04:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/17/2012 8:04:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/17/2012 8:04:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/17/2012 7:17:29 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
10/17/2012 7:17:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
10/17/2012 7:17:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/17/2012 7:17:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8800.0&avdelta=1.137.1940.0&asdelta=1.137.1940.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8000ffff Error description: Catastrophic failure
10/17/2012 7:16:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1940.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/16/2012 6:54:11 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
10/16/2012 6:54:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
10/16/2012 6:53:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1839.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/15/2012 6:21:30 PM, Error: EventLog [6008] - The previous system shutdown at 6:18:27 PM on 10/15/2012 was unexpected.
10/15/2012 5:53:00 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
10/15/2012 5:53:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
10/15/2012 5:52:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/14/2012 8:03:31 AM, Error: EventLog [6008] - The previous system shutdown at 7:57:36 AM on 10/14/2012 was unexpected.
10/14/2012 7:37:51 PM, Error: EventLog [6008] - The previous system shutdown at 7:33:49 PM on 10/14/2012 was unexpected.
10/14/2012 10:31:15 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start.
10/14/2012 10:31:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
10/14/2012 10:29:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.1734.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/14/2012 10:19:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

Security Check

Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Lavasoft Ad-Watch Live! Anti-Virus
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Java™ 6 Update 35
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

#6 gringo_pr


Posted 21 October 2012 - 04:01 PM

Hello


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#7 blahblah21


Posted 21 October 2012 - 04:26 PM

Adwcleaner

# AdwCleaner v2.005 - Logfile created 10/21/2012 at 14:14:51
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Habib Khan - HABIBKHAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Habib Khan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Habib Khan\AppData\Roaming\Mozilla\Firefox\Profiles\2k794bcb.default\prefs.js

C:\Users\Habib Khan\AppData\Roaming\Mozilla\Firefox\Profiles\2k794bcb.default\user.js ... Deleted !

Deleted : user_pref("browser.search.selectedEngine", "Search the Web");

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Habib Khan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2757 octets] - [21/10/2012 14:14:51]

########## EOF - C:\AdwCleaner[S1].txt - [2817 octets] ##########

rogue killer

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Habib Khan [Admin rights]
Mode : Remove -- Date : 10/21/2012 14:24:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][BLPATH] HPCustParticipation HP Deskjet 3050 J610 series : "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe" /UA 9.1 /DDV 0x0805 -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Habib Khan\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Users\Habib Khan\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Habib Khan\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2916640853-3323811955-3851147714-1000\$ff24043d55f85ce9a20a8337d9b4b888\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2916640853-3323811955-3851147714-1000\$ff24043d55f85ce9a20a8337d9b4b888\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
--- User ---
[MBR] 6e096c8ab3021f6fae5f9964b7fee809
[BSP] d70ba7ca57d24e7090480f3d24fce7fb : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294104 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 602327040 | Size: 11137 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#8 gringo_pr


Posted 21 October 2012 - 04:32 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 blahblah21


Posted 21 October 2012 - 05:10 PM

combo fix log

ComboFix 12-10-21.02 - Habib Khan 10/21/2012 14:46:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1863 [GMT -7:00]
Running from: c:\users\Habib Khan\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 19:32 . 2012-10-17 09:32 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43479B01-EE60-49D3-B67A-7B80053B9108}\mpengine.dll
2012-10-13 00:59 . 2012-10-13 00:59 -------- d-----w- c:\users\Habib Khan\AppData\Roaming\GTek
2012-10-13 00:43 . 2012-10-13 00:43 -------- d-----w- c:\programdata\Motive
2012-10-13 00:12 . 2012-10-13 00:12 -------- d-----w- c:\users\Habib Khan\AppData\Roaming\LavasoftStatistics
2012-10-13 00:11 . 2012-10-13 00:11 -------- d-----w- c:\users\Habib Khan\AppData\Roaming\Ad-Aware Antivirus
2012-10-10 02:36 . 2012-10-10 02:37 -------- d-----w- c:\windows\Temp2B1D9B34-E256-A2E0-028A-54D26F7F1773-Signatures
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 21:44 . 2012-04-16 23:11 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-21 21:44 . 2011-06-11 20:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 02:31 . 2012-09-21 02:31 4096000 ----a-w- c:\program files\GUTB0E9.tmp
2012-08-29 03:24 . 2012-05-16 11:16 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 03:24 . 2010-05-11 03:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 08:50 . 2012-09-10 13:33 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-08 13:16 . 2012-09-08 13:15 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-08 00:06 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-12-08 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Habib Khan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Habib Khan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Habib Khan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 21:44]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 03:26]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 03:26]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2916640853-3323811955-3851147714-1000Core.job
- c:\users\Habib Khan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-15 05:23]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2916640853-3323811955-3851147714-1000UA.job
- c:\users\Habib Khan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-15 05:23]
.
2009-03-12 c:\windows\Tasks\HPCeeScheduleForHabib Khan.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Habib Khan\AppData\Roaming\Mozilla\Firefox\Profiles\2k794bcb.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=___userid___&q=
FF - ExtSQL: 2012-09-16 14:45; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2009-09-02 01:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-21 15:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1588)
c:\users\Habib Khan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\mfevtps.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-10-21 15:04:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-21 22:04
.
Pre-Run: 204,570,087,424 bytes free
Post-Run: 206,668,816,384 bytes free
.
- - End Of File - - 12FD88C17A2A956AA5156D3555DBAE10

#10 blahblah21


Posted 21 October 2012 - 05:11 PM

no problems while running combo fix; computer restarted after combofix finished running. everything seems to be working okay, but all my antivirus stuff is still disabled. should i re-enable everything?

#11 gringo_pr


Posted 21 October 2012 - 05:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#12 blahblah21


Posted 21 October 2012 - 05:40 PM

tdsskiller

15:36:36.0899 3344 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:36:37.0390 3344 ============================================================
15:36:37.0391 3344 Current date / time: 2012/10/21 15:36:37.0390
15:36:37.0391 3344 SystemInfo:
15:36:37.0391 3344
15:36:37.0391 3344 OS Version: 6.0.6002 ServicePack: 2.0
15:36:37.0391 3344 Product type: Workstation
15:36:37.0391 3344 ComputerName: HABIBKHAN-PC
15:36:37.0391 3344 UserName: Habib Khan
15:36:37.0391 3344 Windows directory: C:\Windows
15:36:37.0391 3344 System windows directory: C:\Windows
15:36:37.0391 3344 Processor architecture: Intel x86
15:36:37.0391 3344 Number of processors: 2
15:36:37.0391 3344 Page size: 0x1000
15:36:37.0391 3344 Boot type: Normal boot
15:36:37.0391 3344 ============================================================
15:36:39.0098 3344 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:36:39.0101 3344 ============================================================
15:36:39.0101 3344 \Device\Harddisk0\DR0:
15:36:39.0101 3344 MBR partitions:
15:36:39.0102 3344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E6C7C1
15:36:39.0102 3344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23E6C800, BlocksNum 0x15C0800
15:36:39.0102 3344 ============================================================
15:36:39.0114 3344 C: <-> \Device\Harddisk0\DR0\Partition1
15:36:39.0214 3344 D: <-> \Device\Harddisk0\DR0\Partition2
15:36:39.0214 3344 ============================================================
15:36:39.0214 3344 Initialize success
15:36:39.0214 3344 ============================================================
15:36:55.0266 3572 ============================================================
15:36:55.0266 3572 Scan started
15:36:55.0266 3572 Mode: Manual;
15:36:55.0266 3572 ============================================================
15:36:56.0128 3572 ================ Scan system memory ========================
15:36:56.0128 3572 System memory - ok
15:36:56.0129 3572 ================ Scan services =============================
15:37:01.0380 3572 fdc - ok
15:37:01.0414 3572 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
15:37:01.0415 3572 fdPHost - ok
15:37:01.0477 3572 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
15:37:01.0479 3572 FDResPub - ok
15:37:01.0510 3572 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:37:01.0512 3572 FileInfo - ok
15:37:01.0536 3572 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:37:01.0537 3572 Filetrace - ok
15:37:01.0562 3572 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:37:01.0564 3572 flpydisk - ok
15:37:01.0618 3572 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:37:01.0622 3572 FltMgr - ok
15:37:01.0765 3572 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
15:37:01.0775 3572 FontCache - ok
15:37:01.0875 3572 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:37:01.0877 3572 FontCache3.0.0.0 - ok
15:37:01.0919 3572 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:37:01.0921 3572 Fs_Rec - ok
15:37:01.0970 3572 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:37:01.0973 3572 gagp30kx - ok
15:37:02.0098 3572 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
15:37:02.0103 3572 GameConsoleService - ok
15:37:02.0151 3572 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:37:02.0152 3572 GEARAspiWDM - ok
15:37:02.0191 3572 [ FD7E9ABA274DF75E08320420B8E9A1D5 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
15:37:02.0193 3572 getPlusHelper - ok
15:37:02.0358 3572 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
15:37:02.0368 3572 gpsvc - ok
15:37:02.0518 3572 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:37:02.0522 3572 gupdate - ok
15:37:02.0529 3572 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:37:02.0531 3572 gupdatem - ok
15:37:02.0657 3572 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:37:02.0664 3572 HdAudAddService - ok
15:37:02.0741 3572 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:37:02.0758 3572 HDAudBus - ok
15:37:02.0823 3572 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:37:02.0825 3572 HidBth - ok
15:37:02.0870 3572 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:37:02.0872 3572 HidIr - ok
15:37:02.0913 3572 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
15:37:02.0916 3572 hidserv - ok
15:37:02.0936 3572 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\drivers\hidusb.sys
15:37:02.0938 3572 HidUsb - ok
15:37:02.0970 3572 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:37:02.0975 3572 hkmsvc - ok
15:37:03.0102 3572 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
15:37:03.0104 3572 HP Health Check Service - ok
15:37:03.0171 3572 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
15:37:03.0172 3572 HpCISSs - ok
15:37:03.0227 3572 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:37:03.0228 3572 HpqKbFiltr - ok
15:37:03.0307 3572 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:37:03.0310 3572 hpqwmiex - ok
15:37:03.0454 3572 [ CC267848CB3508E72762BE65734E764D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:37:03.0478 3572 HSF_DPV - ok
15:37:03.0513 3572 [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:37:03.0519 3572 HSXHWAZL - ok
15:37:03.0570 3572 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:37:03.0580 3572 HTTP - ok
15:37:03.0608 3572 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:37:03.0609 3572 i2omp - ok
15:37:03.0679 3572 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:37:03.0681 3572 i8042prt - ok
15:37:03.0724 3572 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:37:03.0729 3572 iaStorV - ok
15:37:03.0824 3572 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:37:03.0827 3572 IDriverT - ok
15:37:03.0980 3572 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:37:04.0001 3572 idsvc - ok
15:37:04.0412 3572 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:37:04.0677 3572 igfx - ok
15:37:04.0723 3572 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:37:04.0725 3572 iirsp - ok
15:37:04.0769 3572 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
15:37:04.0776 3572 IKEEXT - ok
15:37:04.0824 3572 [ C7E7E43CBD34D3B0A0156B51B917DFCC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
15:37:04.0827 3572 IntcHdmiAddService - ok
15:37:04.0870 3572 [ DD512A049BD7B4BCE8A83554C5EFF2C1 ] intelide C:\Windows\system32\drivers\intelide.sys
15:37:04.0871 3572 intelide - ok
15:37:04.0917 3572 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:37:04.0919 3572 intelppm - ok
15:37:04.0956 3572 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:37:04.0960 3572 IPBusEnum - ok
15:37:05.0036 3572 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:37:05.0038 3572 IpFilterDriver - ok
15:37:05.0148 3572 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:37:05.0152 3572 iphlpsvc - ok
15:37:05.0159 3572 IpInIp - ok
15:37:05.0229 3572 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:37:05.0232 3572 IPMIDRV - ok
15:37:05.0275 3572 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:37:05.0279 3572 IPNAT - ok
15:37:05.0368 3572 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:37:05.0380 3572 iPod Service - ok
15:37:05.0423 3572 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:37:05.0424 3572 IRENUM - ok
15:37:05.0456 3572 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:37:05.0461 3572 isapnp - ok
15:37:05.0553 3572 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:37:05.0557 3572 iScsiPrt - ok
15:37:05.0598 3572 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:37:05.0600 3572 iteatapi - ok
15:37:05.0608 3572 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:37:05.0610 3572 iteraid - ok
15:37:05.0627 3572 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:37:05.0628 3572 kbdclass - ok
15:37:05.0707 3572 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:37:05.0708 3572 kbdhid - ok
15:37:05.0763 3572 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
15:37:05.0766 3572 KeyIso - ok
15:37:05.0923 3572 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:37:05.0934 3572 KSecDD - ok
15:37:06.0039 3572 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
15:37:06.0045 3572 KtmRm - ok
15:37:06.0100 3572 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
15:37:06.0105 3572 LanmanServer - ok
15:37:06.0181 3572 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:37:06.0188 3572 LanmanWorkstation - ok
15:37:06.0474 3572 [ 55AFD4A9D5ED4AD40D5215CCDF4D65F3 ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
15:37:06.0502 3572 Lavasoft Ad-Aware Service - ok
15:37:06.0615 3572 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
15:37:06.0617 3572 Lavasoft Kernexplorer - ok
15:37:06.0682 3572 [ 336ABE8721CBC3110F1C6426DA633417 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
15:37:06.0684 3572 Lbd - ok
15:37:06.0824 3572 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:37:06.0826 3572 LightScribeService - ok
15:37:06.0892 3572 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:37:06.0894 3572 lltdio - ok
15:37:07.0020 3572 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:37:07.0027 3572 lltdsvc - ok
15:37:07.0067 3572 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:37:07.0070 3572 lmhosts - ok
15:37:07.0129 3572 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:37:07.0131 3572 LSI_FC - ok
15:37:07.0189 3572 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:37:07.0191 3572 LSI_SAS - ok
15:37:07.0260 3572 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:37:07.0263 3572 LSI_SCSI - ok
15:37:07.0273 3572 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
15:37:07.0277 3572 luafv - ok
15:37:07.0483 3572 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
15:37:07.0488 3572 McciCMService - ok
15:37:07.0556 3572 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:37:07.0560 3572 Mcx2Svc - ok
15:37:07.0663 3572 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:37:07.0664 3572 mdmxsdk - ok
15:37:07.0723 3572 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
15:37:07.0724 3572 megasas - ok
15:37:07.0899 3572 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
15:37:07.0909 3572 MegaSR - ok
15:37:08.0039 3572 [ 84D59A3EDDFB9438FB94F7F80D37859D ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
15:37:08.0042 3572 mfeapfk - ok
15:37:08.0127 3572 [ 0EFAB2B91B27543FE589DE700DE07136 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
15:37:08.0136 3572 mfehidk - ok
15:37:08.0188 3572 [ 5C1B2814EF2A6313936A111D3FD095AF ] mfevtp C:\Windows\system32\mfevtps.exe
15:37:08.0192 3572 mfevtp - ok
15:37:08.0231 3572 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
15:37:08.0235 3572 MMCSS - ok
15:37:08.0267 3572 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
15:37:08.0269 3572 Modem - ok
15:37:08.0372 3572 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:37:08.0373 3572 monitor - ok
15:37:08.0461 3572 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:37:08.0463 3572 mouclass - ok
15:37:08.0487 3572 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\drivers\mouhid.sys
15:37:08.0489 3572 mouhid - ok
15:37:08.0531 3572 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:37:08.0535 3572 MountMgr - ok
15:37:08.0642 3572 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:37:08.0652 3572 MozillaMaintenance - ok
15:37:08.0694 3572 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:37:08.0699 3572 MpFilter - ok
15:37:08.0754 3572 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
15:37:08.0756 3572 mpio - ok
15:37:08.0832 3572 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:37:08.0834 3572 mpsdrv - ok
15:37:08.0912 3572 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
15:37:08.0921 3572 MpsSvc - ok
15:37:09.0138 3572 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:37:09.0139 3572 Mraid35x - ok
15:37:09.0201 3572 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:37:09.0205 3572 MRxDAV - ok
15:37:09.0274 3572 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:37:09.0277 3572 mrxsmb - ok
15:37:09.0311 3572 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:37:09.0317 3572 mrxsmb10 - ok
15:37:09.0338 3572 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:37:09.0341 3572 mrxsmb20 - ok
15:37:09.0395 3572 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
15:37:09.0396 3572 msahci - ok
15:37:09.0456 3572 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:37:09.0458 3572 msdsm - ok
15:37:09.0527 3572 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
15:37:09.0532 3572 MSDTC - ok
15:37:09.0550 3572 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:37:09.0552 3572 Msfs - ok
15:37:09.0617 3572 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:37:09.0620 3572 msisadrv - ok
15:37:09.0673 3572 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:37:09.0679 3572 MSiSCSI - ok
15:37:09.0686 3572 msiserver - ok
15:37:09.0763 3572 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:37:09.0764 3572 MSKSSRV - ok
15:37:09.0859 3572 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:37:09.0860 3572 MsMpSvc - ok
15:37:09.0967 3572 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:37:09.0969 3572 MSPCLOCK - ok
15:37:09.0987 3572 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:37:09.0988 3572 MSPQM - ok
15:37:10.0050 3572 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:37:10.0055 3572 MsRPC - ok
15:37:10.0115 3572 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:37:10.0117 3572 mssmbios - ok
15:37:10.0187 3572 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:37:10.0189 3572 MSTEE - ok
15:37:10.0232 3572 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
15:37:10.0234 3572 Mup - ok
15:37:10.0326 3572 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
15:37:10.0339 3572 napagent - ok
15:37:10.0471 3572 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:37:10.0475 3572 NativeWifiP - ok
15:37:10.0572 3572 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:37:10.0579 3572 NDIS - ok
15:37:10.0631 3572 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:37:10.0633 3572 NdisTapi - ok
15:37:10.0679 3572 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:37:10.0680 3572 Ndisuio - ok
15:37:10.0778 3572 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:37:10.0781 3572 NdisWan - ok
15:37:10.0797 3572 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:37:10.0799 3572 NDProxy - ok
15:37:10.0818 3572 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:37:10.0820 3572 NetBIOS - ok
15:37:10.0858 3572 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:37:10.0863 3572 netbt - ok
15:37:10.0874 3572 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
15:37:10.0878 3572 Netlogon - ok
15:37:10.0927 3572 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:37:10.0933 3572 Netman - ok
15:37:10.0972 3572 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:37:10.0978 3572 netprofm - ok
15:37:11.0045 3572 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:37:11.0050 3572 NetTcpPortSharing - ok
15:37:11.0295 3572 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
15:37:11.0363 3572 NETw3v32 - ok
15:37:11.0410 3572 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:37:11.0412 3572 nfrd960 - ok
15:37:11.0475 3572 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:37:11.0481 3572 NisDrv - ok
15:37:11.0595 3572 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
15:37:11.0601 3572 NisSrv - ok
15:37:11.0675 3572 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:37:11.0680 3572 NlaSvc - ok
15:37:11.0819 3572 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:37:11.0821 3572 Npfs - ok
15:37:11.0868 3572 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:37:11.0872 3572 nsi - ok
15:37:11.0945 3572 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:37:11.0946 3572 nsiproxy - ok
15:37:12.0271 3572 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:37:12.0350 3572 Ntfs - ok
15:37:12.0404 3572 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:37:12.0406 3572 ntrigdigi - ok
15:37:12.0460 3572 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:37:12.0462 3572 Null - ok
15:37:12.0479 3572 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:37:12.0481 3572 nvraid - ok
15:37:12.0502 3572 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:37:12.0504 3572 nvstor - ok
15:37:12.0543 3572 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:37:12.0547 3572 nv_agp - ok
15:37:12.0554 3572 NwlnkFlt - ok
15:37:12.0564 3572 NwlnkFwd - ok
15:37:12.0655 3572 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:37:12.0657 3572 ohci1394 - ok
15:37:12.0686 3572 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:37:12.0691 3572 ose - ok
15:37:12.0815 3572 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:37:12.0832 3572 p2pimsvc - ok
15:37:12.0855 3572 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:37:12.0867 3572 p2psvc - ok
15:37:12.0922 3572 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:37:12.0925 3572 Parport - ok
15:37:12.0960 3572 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:37:12.0962 3572 partmgr - ok
15:37:12.0978 3572 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:37:12.0979 3572 Parvdm - ok
15:37:13.0002 3572 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:37:13.0007 3572 PcaSvc - ok
15:37:13.0048 3572 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:37:13.0052 3572 pci - ok
15:37:13.0112 3572 [ 1D8B3D8DF8EB7FCF2F0AC02F9F947802 ] pciide C:\Windows\system32\drivers\pciide.sys
15:37:13.0113 3572 pciide - ok
15:37:13.0200 3572 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:37:13.0205 3572 pcmcia - ok
15:37:13.0339 3572 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:37:13.0360 3572 PEAUTH - ok
15:37:13.0581 3572 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:37:13.0618 3572 pla - ok
15:37:13.0727 3572 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:37:13.0734 3572 PlugPlay - ok
15:37:13.0826 3572 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:37:13.0837 3572 PNRPAutoReg - ok
15:37:13.0858 3572 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:37:13.0869 3572 PNRPsvc - ok
15:37:13.0943 3572 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:37:13.0949 3572 PolicyAgent - ok
15:37:13.0984 3572 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:37:13.0987 3572 PptpMiniport - ok
15:37:14.0033 3572 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
15:37:14.0035 3572 Processor - ok
15:37:14.0112 3572 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:37:14.0117 3572 ProfSvc - ok
15:37:14.0186 3572 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:37:14.0188 3572 ProtectedStorage - ok
15:37:14.0222 3572 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:37:14.0224 3572 PSched - ok
15:37:14.0354 3572 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:37:14.0368 3572 ql2300 - ok
15:37:14.0437 3572 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:37:14.0440 3572 ql40xx - ok
15:37:14.0494 3572 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:37:14.0503 3572 QWAVE - ok
15:37:14.0568 3572 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:37:14.0569 3572 QWAVEdrv - ok
15:37:14.0694 3572 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:37:14.0695 3572 RasAcd - ok
15:37:14.0764 3572 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:37:14.0769 3572 RasAuto - ok
15:37:14.0823 3572 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:37:14.0826 3572 Rasl2tp - ok
15:37:14.0888 3572 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:37:14.0894 3572 RasMan - ok
15:37:14.0996 3572 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:37:14.0999 3572 RasPppoe - ok
15:37:15.0046 3572 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:37:15.0049 3572 RasSstp - ok
15:37:15.0193 3572 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:37:15.0200 3572 rdbss - ok
15:37:15.0268 3572 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:37:15.0270 3572 RDPCDD - ok
15:37:15.0326 3572 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:37:15.0332 3572 rdpdr - ok
15:37:15.0369 3572 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:37:15.0371 3572 RDPENCDD - ok
15:37:15.0407 3572 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:37:15.0412 3572 RDPWD - ok
15:37:15.0585 3572 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe
15:37:15.0590 3572 Recovery Service for Windows - ok
15:37:15.0646 3572 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:37:15.0651 3572 RemoteAccess - ok
15:37:15.0726 3572 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:37:15.0731 3572 RemoteRegistry - ok
15:37:15.0920 3572 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
15:37:15.0923 3572 RichVideo - ok
15:37:16.0003 3572 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:37:16.0006 3572 RpcLocator - ok
15:37:16.0263 3572 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:37:16.0274 3572 RpcSs - ok
15:37:16.0381 3572 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:37:16.0384 3572 rspndr - ok
15:37:16.0565 3572 [ 125C504A34D0A2E152517E342E7E432C ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
15:37:16.0568 3572 RTL8169 - ok
15:37:16.0672 3572 [ 8DAB5975B5C7923D61506A48E251DBAD ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
15:37:16.0674 3572 RTSTOR - ok
15:37:16.0719 3572 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:37:16.0722 3572 SamSs - ok
15:37:16.0784 3572 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:37:16.0786 3572 sbp2port - ok
15:37:16.0851 3572 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:37:16.0857 3572 SCardSvr - ok
15:37:16.0943 3572 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:37:16.0956 3572 Schedule - ok
15:37:17.0113 3572 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:37:17.0114 3572 SCPolicySvc - ok
15:37:17.0211 3572 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:37:17.0214 3572 sdbus - ok
15:37:17.0289 3572 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:37:17.0295 3572 SDRSVC - ok
15:37:17.0348 3572 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:37:17.0350 3572 secdrv - ok
15:37:17.0364 3572 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:37:17.0369 3572 seclogon - ok
15:37:17.0391 3572 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
15:37:17.0395 3572 SENS - ok
15:37:17.0437 3572 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:37:17.0439 3572 Serenum - ok
15:37:17.0484 3572 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:37:17.0525 3572 Serial - ok
15:37:17.0603 3572 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:37:17.0605 3572 sermouse - ok
15:37:17.0723 3572 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:37:17.0729 3572 SessionEnv - ok
15:37:17.0794 3572 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:37:17.0796 3572 sffdisk - ok
15:37:17.0868 3572 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:37:17.0870 3572 sffp_mmc - ok
15:37:17.0914 3572 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:37:17.0919 3572 sffp_sd - ok
15:37:17.0947 3572 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:37:17.0949 3572 sfloppy - ok
15:37:18.0030 3572 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:37:18.0038 3572 SharedAccess - ok
15:37:18.0147 3572 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:37:18.0154 3572 ShellHWDetection - ok
15:37:18.0259 3572 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:37:18.0261 3572 sisagp - ok
15:37:28.0842 3572 ================ Scan global ===============================
15:37:28.0880 3572 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:37:28.0969 3572 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:37:29.0085 3572 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:37:29.0140 3572 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:37:29.0147 3572 [Global] - ok
15:37:29.0148 3572 ================ Scan MBR ==================================
15:37:29.0192 3572 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
15:37:29.0698 3572 \Device\Harddisk0\DR0 - ok
15:37:29.0698 3572 ================ Scan VBR ==================================
15:37:29.0726 3572 [ C332FA9820C73124B55C422BC1594018 ] \Device\Harddisk0\DR0\Partition1
15:37:29.0728 3572 \Device\Harddisk0\DR0\Partition1 - ok
15:37:29.0783 3572 [ 1F9EC792AC2040631D616FBDE43965AC ] \Device\Harddisk0\DR0\Partition2
15:37:29.0786 3572 \Device\Harddisk0\DR0\Partition2 - ok
15:37:29.0786 3572 ============================================================
15:37:29.0786 3572 Scan finished
15:37:29.0786 3572 ============================================================
15:37:29.0807 4072 Detected object count: 0
15:37:29.0807 4072 Actual detected object count: 0

#13 blahblah21

Posted 21 October 2012 - 06:01 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-21 15:41:32
-----------------------------
15:41:32.835 OS Version: Windows 6.0.6002 Service Pack 2
15:41:32.835 Number of processors: 2 586 0x170A
15:41:32.836 ComputerName: HABIBKHAN-PC UserName: Habib Khan
15:41:35.681 Initialize success
15:45:47.493 AVAST engine defs: 12102101
15:47:01.418 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:47:01.421 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
15:47:01.463 Disk 0 MBR read successfully
15:47:01.466 Disk 0 MBR scan
15:47:01.471 Disk 0 unknown MBR code
15:47:01.474 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294104 MB offset 63
15:47:01.509 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11137 MB offset 602327040
15:47:01.519 Disk 0 scanning sectors +625135616
15:47:01.570 Disk 0 scanning C:\Windows\system32\drivers
15:47:14.303 Service scanning
15:47:47.057 Modules scanning
15:47:58.267 Disk 0 trace - called modules:
15:47:58.290 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
15:47:58.297 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f802e8]
15:47:58.304 3 CLASSPNP.SYS[8a2098b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x856a0b98]
15:48:00.113 AVAST engine scan C:\Windows
15:48:05.247 AVAST engine scan C:\Windows\system32
15:51:33.532 AVAST engine scan C:\Windows\system32\drivers
15:51:58.580 AVAST engine scan C:\Users\Habib Khan
15:55:24.792 AVAST engine scan C:\ProgramData
16:00:08.155 Scan finished successfully
16:00:19.368 Disk 0 MBR has been saved successfully to "C:\Users\Habib Khan\Desktop\MBR.dat"
16:00:19.375 The log file has been saved successfully to "C:\Users\Habib Khan\Desktop\aswMBR.txt"

#14 blahblah21

Posted 21 October 2012 - 06:05 PM

windows update just popped up and says ready to install 13 updates

#15 gringo_pr

Posted 22 October 2012 - 12:06 AM

Greetings

run this first then allow the updates and turn everything back on.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
