
Comcast Constant Guard Service Alert -- infected with a bot


10 replies to this topic

#1 Chesterton Brown


Posted 27 March 2013 - 01:17 PM

I received an email from Comcast about a "Constant Guard Service Alert" on March 14. Since then, I've tried full scans with Microsoft Security Essentials, MalwareBytes, and the Microsoft Malicious Software Removal Tool. MalwareBytes pulled up one thing that it cleaned out (sorry, I didn't think to copy down what it was), but the two Microsoft scans pulled up nothing. I thought maybe I'd fixed the problem, but Comcast's "Am I botted?" site is still telling me that it detects one bot, which it calls "Adware_Criminal_Financial_SProtector," which was last seen this morning, March 27th 2013, at 3:21 am. I have no idea what that is, but it seems bad, and Comcast reports seeing it 31 times.

 

So I did some searching on what to do next, since Comcast's help tool is next to useless. I found this post here on bleeping computer, which seemed to be a similar problem. I ran the Kaspersky TDSS killer, the aswMBR, and the ESET scans this morning, and I have all the logs (I copied the ESET export list in below because it was shorter; I can post the others if needed). The TDSS Killer found a threat, and the ESET claims to have found and cleaned five suspicious files.

 

However, I'm not convinced I'm in the clear yet (have to wait and see if Comcast detects any more bot activity over the next 24-48 hours, I think), and I'm wondering what else I should do, especially if Comcast still detects a problem?

 

I'm running Microsoft XP Pro with SP 3, and it's fully up-to-date as of today.

 

Thank you!

 

ESET list:

 

 

C:\Documents and Settings\All Users\Application Data\BroiWse2save\513289e1bdf49.dll a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\tpr9kjpf.default\extensions\rjwdwmwuye@auwa.co.uk\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Documents and Settings\Patrick\Local Settings\Temp\7zSFE7.tmp\513289e1bdf49.dll a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\Documents and Settings\Patrick\Local Settings\Temp\7zSFE7.tmp\ogdidlmofllfjdfoieiabjbnofokfpio\513289e1bdd153.37919241.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Documents and Settings\Patrick\Local Settings\Temp\7zSFE7.tmp\rjwdwmwuye@auwa.co.uk\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined

 




 


#2 boopme


Posted 27 March 2013 - 05:43 PM

Hello. Please post all the logs, thanks.


-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
What does Comcast do with it?
Can you submit the file for testing?
Adware_Criminal_Financial_SProtector

If so, copy it and paste it here:
https://www.virustotal.com/en/

#3 Chesterton Brown


Posted 27 March 2013 - 06:57 PM



Hi, thank you for your help. I've copied in the Security Check log, the TDSS root kit removal log, and the aswMBR log in below. As to what Comcast does with it, I have no idea. As far as I can tell, they just monitor and notify their users who might be affected -- I've been checking up on my status at: https://amibotted.comcast.net/. For your final question, I do not understand to which file you are referring.
 
 
Results of screen317's Security Check version 0.99.61  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 JavaFX 2.1.1    
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (19.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 
08:34:37.0421 5248  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:34:38.0250 5248  ============================================================
08:34:38.0250 5248  Current date / time: 2013/03/27 08:34:38.0250
08:34:38.0250 5248  SystemInfo:
08:34:38.0250 5248  
08:34:38.0250 5248  OS Version: 5.1.2600 ServicePack: 3.0
08:34:38.0250 5248  Product type: Workstation
08:34:38.0250 5248  ComputerName: FOUNDATION
08:34:38.0250 5248  UserName: Patrick
08:34:38.0250 5248  Windows directory: C:\WINDOWS
08:34:38.0250 5248  System windows directory: C:\WINDOWS
08:34:38.0250 5248  Processor architecture: Intel x86
08:34:38.0250 5248  Number of processors: 4
08:34:38.0250 5248  Page size: 0x1000
08:34:38.0250 5248  Boot type: Normal boot
08:34:38.0250 5248  ============================================================
08:34:38.0921 5248  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:34:38.0921 5248  ============================================================
08:34:38.0921 5248  \Device\Harddisk0\DR0:
08:34:38.0921 5248  MBR partitions:
08:34:38.0921 5248  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x39CCEE0B
08:34:38.0921 5248  ============================================================
08:34:38.0953 5248  C: <-> \Device\Harddisk0\DR0\Partition1
08:34:38.0953 5248  ============================================================
08:34:38.0953 5248  Initialize success
08:34:38.0953 5248  ============================================================
08:35:01.0687 6432  ============================================================
08:35:01.0687 6432  Scan started
08:35:01.0687 6432  Mode: Manual; TDLFS; 
08:35:01.0687 6432  ============================================================
08:35:02.0718 6432  ================ Scan system memory ========================
08:35:02.0718 6432  System memory - ok
08:35:02.0718 6432  ================ Scan services =============================
08:35:27.0906 6432  RemoteAccess - ok
08:35:28.0015 6432  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
08:35:28.0031 6432  RemoteRegistry - ok
08:35:28.0109 6432  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
08:35:28.0140 6432  RpcLocator - ok
08:35:28.0250 6432  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
08:35:28.0250 6432  RpcSs - ok
08:35:28.0296 6432  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
08:35:28.0312 6432  RSVP - ok
08:35:28.0484 6432  [ B1A055F3B4CF2A60ADA63009F157126C ] RT61            C:\WINDOWS\system32\DRIVERS\RT61.sys
08:35:28.0781 6432  RT61 - ok
08:35:28.0828 6432  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
08:35:28.0828 6432  SamSs - ok
08:35:28.0937 6432  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
08:35:29.0015 6432  SCardSvr - ok
08:35:29.0109 6432  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
08:35:29.0218 6432  Schedule - ok
08:35:29.0265 6432  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:35:29.0281 6432  Secdrv - ok
08:35:29.0343 6432  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
08:35:29.0359 6432  seclogon - ok
08:35:29.0421 6432  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
08:35:29.0437 6432  SENS - ok
08:35:29.0484 6432  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
08:35:29.0515 6432  Serial - ok
08:35:29.0546 6432  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
08:35:29.0578 6432  Sfloppy - ok
08:35:29.0687 6432  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
08:35:30.0031 6432  SharedAccess - ok
08:35:30.0093 6432  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:35:30.0093 6432  ShellHWDetection - ok
08:35:30.0093 6432  Simbad - ok
08:35:30.0093 6432  Sparrow - ok
08:35:30.0171 6432  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
08:35:30.0187 6432  splitter - ok
08:35:30.0265 6432  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
08:35:30.0265 6432  Spooler - ok
08:35:30.0328 6432  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
08:35:30.0359 6432  sr - ok
08:35:30.0437 6432  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
08:35:30.0546 6432  srservice - ok
08:35:30.0703 6432  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
08:35:30.0843 6432  Srv - ok
08:35:30.0953 6432  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
08:35:31.0031 6432  SSDPSRV - ok
08:35:31.0046 6432  Steam Client Service - ok
08:35:31.0203 6432  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
08:35:31.0390 6432  stisvc - ok
08:35:31.0437 6432  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
08:35:31.0453 6432  swenum - ok
08:35:31.0500 6432  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
08:35:31.0515 6432  swmidi - ok
08:35:31.0531 6432  SwPrv - ok
08:35:31.0531 6432  symc810 - ok
08:35:31.0531 6432  symc8xx - ok
08:35:31.0531 6432  sym_hi - ok
08:35:31.0546 6432  sym_u3 - ok
08:35:31.0578 6432  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
08:35:31.0593 6432  sysaudio - ok
08:35:31.0640 6432  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
08:35:31.0656 6432  SysmonLog - ok
08:35:31.0781 6432  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
08:35:31.0921 6432  TapiSrv - ok
08:35:32.0062 6432  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:35:32.0296 6432  Tcpip - ok
08:35:32.0312 6432  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
08:35:32.0328 6432  TDPIPE - ok
08:35:32.0343 6432  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
08:35:32.0359 6432  TDTCP - ok
08:35:32.0437 6432  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
08:35:32.0468 6432  TermDD - ok
08:35:32.0578 6432  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
08:35:32.0765 6432  TermService - ok
08:35:32.0828 6432  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
08:35:32.0828 6432  Themes - ok
08:35:32.0906 6432  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
08:35:32.0937 6432  TlntSvr - ok
08:35:32.0937 6432  TosIde - ok
08:35:33.0015 6432  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
08:35:33.0046 6432  TrkWks - ok
08:35:33.0078 6432  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
08:35:33.0125 6432  Udfs - ok
08:35:33.0125 6432  ultra - ok
08:35:33.0281 6432  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
08:35:33.0500 6432  Update - ok
08:35:33.0609 6432  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
08:35:33.0656 6432  upnphost - ok
08:35:33.0671 6432  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
08:35:33.0765 6432  UPS - ok
08:35:33.0906 6432  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
08:35:33.0937 6432  usbaudio - ok
08:35:33.0968 6432  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:35:33.0984 6432  usbccgp - ok
08:35:34.0031 6432  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:35:34.0062 6432  usbehci - ok
08:35:34.0109 6432  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:35:34.0125 6432  usbhub - ok
08:35:34.0171 6432  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:35:34.0187 6432  usbohci - ok
08:35:34.0250 6432  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:35:34.0265 6432  usbscan - ok
08:35:34.0312 6432  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:35:34.0328 6432  USBSTOR - ok
08:35:34.0375 6432  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
08:35:34.0406 6432  VgaSave - ok
08:35:34.0406 6432  ViaIde - ok
08:35:34.0421 6432  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
08:35:34.0437 6432  VolSnap - ok
08:35:34.0562 6432  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
08:35:34.0578 6432  VSS - ok
08:35:34.0687 6432  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
08:35:34.0734 6432  W32Time - ok
08:35:34.0796 6432  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:35:34.0812 6432  Wanarp - ok
08:35:34.0828 6432  WDICA - ok
08:35:34.0859 6432  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
08:35:34.0890 6432  wdmaud - ok
08:35:34.0937 6432  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
08:35:34.0968 6432  WebClient - ok
08:35:35.0171 6432  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
08:35:35.0187 6432  winmgmt - ok
08:35:35.0234 6432  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
08:35:35.0250 6432  WmdmPmSN - ok
08:35:35.0453 6432  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
08:35:35.0468 6432  Wmi - ok
08:35:35.0531 6432  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:35:35.0546 6432  WmiApSrv - ok
08:35:35.0593 6432  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:35:35.0609 6432  WS2IFSL - ok
08:35:35.0671 6432  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
08:35:35.0687 6432  wscsvc - ok
08:35:35.0796 6432  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
08:35:35.0812 6432  wuauserv - ok
08:35:35.0875 6432  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:35:35.0906 6432  WudfPf - ok
08:35:35.0937 6432  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:35:35.0968 6432  WudfRd - ok
08:35:36.0000 6432  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
08:35:36.0015 6432  WudfSvc - ok
08:35:36.0203 6432  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
08:35:36.0484 6432  WZCSVC - ok
08:35:36.0531 6432  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
08:35:36.0546 6432  xmlprov - ok
08:35:36.0546 6432  ================ Scan global ===============================
08:35:36.0593 6432  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:35:36.0781 6432  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:35:37.0125 6432  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:35:37.0171 6432  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:35:37.0171 6432  [Global] - ok
08:35:37.0171 6432  ================ Scan MBR ==================================
08:35:37.0203 6432  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:35:37.0968 6432  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:35:37.0968 6432  \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:35:37.0968 6432  ================ Scan VBR ==================================
08:35:38.0000 6432  [ D0DC5864B400F68FC1F0DC7CFE2928CB ] \Device\Harddisk0\DR0\Partition1
08:35:38.0031 6432  \Device\Harddisk0\DR0\Partition1 - ok
08:35:38.0031 6432  ============================================================
08:35:38.0031 6432  Scan finished
08:35:38.0031 6432  ============================================================
08:35:38.0046 6408  Detected object count: 1
08:35:38.0046 6408  Actual detected object count: 1
08:35:57.0359 6408  \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
08:35:57.0390 6408  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
08:35:57.0390 6408  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
08:35:57.0406 6408  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:35:57.0468 6408  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:35:57.0484 6408  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:35:57.0500 6408  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:35:57.0546 6408  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:35:57.0671 6408  \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
08:35:57.0703 6408  \Device\Harddisk0\DR0\TDLFS\dkmks.tmp - copied to quarantine
08:35:57.0718 6408  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine 
09:29:38.0328 7712  Deinitialize success
 
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-27 08:38:52
-----------------------------
08:38:52.203    OS Version: Windows 5.1.2600 Service Pack 3
08:38:52.203    Number of processors: 4 586 0xF0B
08:38:52.203    ComputerName: FOUNDATION  UserName: Patrick
08:38:52.906    Initialize success
08:40:41.031    AVAST engine defs: 13032700
08:40:46.031    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
08:40:46.031    Disk 0 Vendor: WDC_WD5000AAKS-75A7B0 01.03B01 Size: 476940MB BusType: 3
08:40:46.218    Disk 0 MBR read successfully
08:40:46.218    Disk 0 MBR scan
08:40:46.234    Disk 0 Windows XP default MBR code
08:40:46.234    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
08:40:46.281    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       473501 MB offset 112455
08:40:46.328    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     3380 MB offset 969844050
08:40:46.328    Disk 0 scanning sectors +976768065
08:40:46.390    Disk 0 scanning C:\WINDOWS\system32\drivers
08:41:00.796    Service scanning
08:41:10.562    Service MpKsl1c29018c c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A12AC98-47D0-4931-A137-5C8515AA9E60}\MpKsl1c29018c.sys **LOCKED** 32
08:41:20.250    Modules scanning
08:41:26.968    Disk 0 trace - called modules:
08:41:27.000    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys 
08:41:27.000    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a538ab8]
08:41:27.015    3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000005e[0x8a5d6e78]
08:41:27.015    5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\0000005c[0x8a62c030]
08:41:28.156    AVAST engine scan C:\WINDOWS
08:41:45.640    AVAST engine scan C:\WINDOWS\system32
08:44:47.328    AVAST engine scan C:\WINDOWS\system32\drivers
08:45:10.906    AVAST engine scan C:\Documents and Settings\Patrick
09:26:42.875    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Patrick\Desktop\MBR.dat"
09:26:42.875    The log file has been saved successfully to "C:\Documents and Settings\Patrick\Desktop\aswMBR.txt"
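
An added example, not part of the thread and not Kaspersky's code: a Python script that reduces a TDSSKiller log in the format posted above to its non-"ok" verdicts, quarantine actions, and any file path reported with more than one MD5. The mismatched-hash check is a heuristic added here, and the `ExampleSvc` line is constructed to exercise it.

```python
import re
from collections import defaultdict

# Lines copied from the TDSSKiller log posted in this thread.
PAGE_EXCERPT = r"""
08:35:25.0765 6432  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
08:35:25.0765 6432  PolicyAgent - ok
08:35:28.0828 6432  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
08:35:28.0828 6432  SamSs - ok
08:35:36.0546 6432  ================ Scan global ===============================
08:35:37.0171 6432  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:35:37.0171 6432  [Global] - ok
08:35:37.0171 6432  ================ Scan MBR ==================================
08:35:37.0203 6432  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:35:37.0968 6432  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:35:37.0968 6432  \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:35:37.0968 6432  ================ Scan VBR ==================================
08:35:38.0031 6432  \Device\Harddisk0\DR0\Partition1 - ok
08:35:57.0359 6408  \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
08:35:57.0406 6408  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:35:57.0718 6408  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
"""

# CONSTRUCTED line (not from the thread): same file, different MD5.
CONSTRUCTED_LINE = (
    r"08:35:29.0000 6432  [ 00000000000000000000000000000000 ] "
    r"ExampleSvc      C:\WINDOWS\system32\lsass.exe" "\n"
)

# "HH:MM:SS.ffff <thread id>  <message>"
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "================ Scan MBR ===========..."
SECTION_RE = re.compile(r"^=+\s+(Scan [^=]+?)\s+=+$")
# "[ <MD5> ] [<service name>] <path>"; the name is absent in the global/MBR/VBR scans.
HASH_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?:(?P<name>.*?)\s+)?"
    r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)


def triage(log_text):
    """Return the entries of a TDSSKiller log that need a human to look at them."""
    findings, quarantined, actions = [], [], []
    hashes_by_path = defaultdict(set)
    section = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        sec = SECTION_RE.match(msg)
        if sec:
            section = sec.group(1)
            continue
        h = HASH_RE.match(msg)
        if h:
            hashes_by_path[h.group("path").lower()].add(h.group("md5").upper())
            continue
        # Verdict lines have the form "<object> - <verdict>".
        obj, sep, verdict = msg.rpartition(" - ")
        if not sep:
            continue
        if verdict == "warning" or verdict.startswith("detected "):
            findings.append((section, obj, verdict))
        elif verdict == "copied to quarantine":
            quarantined.append(obj)
        elif verdict.startswith("User select action:"):
            actions.append((obj, verdict.split(":", 1)[1].strip()))
        # "ok" and unrelated lines are dropped on purpose.
    # Added heuristic: one path hashed to different MD5s within a single scan.
    conflicts = {p: sorted(h) for p, h in hashes_by_path.items() if len(h) > 1}
    return {
        "findings": findings,
        "quarantined": quarantined,
        "actions": actions,
        "hash_conflicts": conflicts,
    }


if __name__ == "__main__":
    report = triage(PAGE_EXCERPT + CONSTRUCTED_LINE)
    for key, value in report.items():
        print(key, "->", value)
```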


#4 boopme

  • Global Moderator

Posted 27 March 2013 - 09:07 PM

Hello again, you had a lot of TDSS infections. If you haven't since those scans, please reboot the machine.

When Comcast reports this item "Adware_Criminal_Financial_SProtector,"
I was hoping it said where it was, ....like C:\Documents and Settings\Patrick\Desktop\aswMBR.txt
I wanted you to go there and upload the file to VirusTotal.


We should still run ADWcleaner

Please download AdwCleaner by Xplode onto your desktop.
• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

You need to update to Adobe Reader XI

NOTE: UNcheck  the install Chrome box

 

Yes, install Chrome as my default browser and Google Toolbar for Internet Explorer – optional


 



#5 Chesterton Brown

  • Topic Starter

Posted 27 March 2013 - 09:34 PM

Ok. Done.
 
# AdwCleaner v2.115 - Logfile created 03/27/2013 at 19:24:44
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Patrick - FOUNDATION
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Patrick\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\tpr9kjpf.default\searchplugins\Askcom.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe
Folder Deleted : C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\tpr9kjpf.default\extensions\toolbar@ask.com
Folder Deleted : C:\Documents and Settings\Patrick\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Patrick\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Patrick\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\BrowseToSave
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
File : C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\tpr9kjpf.default\prefs.js
 
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.513289e1bde63.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Documents and Settings\Patrick\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [9215 octets] - [27/03/2013 19:24:44]
 
########## EOF - C:\AdwCleaner[S1].txt - [9275 octets] ##########


#6 boopme

  • Global Moderator

Posted 27 March 2013 - 09:43 PM

Any luck finding that file?

Rerun TDSSKiller
Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.
 

 

 Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

 

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

 

How is it running now?

 

Sorry, had a bunch of coding errors.

 


Edited by boopme, 27 March 2013 - 09:59 PM.


#7 Chesterton Brown

  • Topic Starter

Posted 27 March 2013 - 10:02 PM

Hi, I have not been able to locate that file. I gave you literally all of the information that Comcast provides (I can post a screenshot if you could tell me how to do that on this forum) -- if they provided more, I would post it here.

 

I ran TDSS killer again (log below) and the JRT (log also below). The link to the TFC seemed to be broken, however, so I haven't yet run that.

 

 

 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Microsoft Windows XP x86
Ran by Patrick on Wed 03/27/2013 at 19:52:14.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Documents and Settings\Patrick\Application Data\mozilla\firefox\profiles\tpr9kjpf.default\minidumps [1 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/27/2013 at 19:56:34.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
19:48:16.0937 3620  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:48:17.0343 3620  ============================================================
19:48:17.0343 3620  Current date / time: 2013/03/27 19:48:17.0343
19:48:17.0343 3620  SystemInfo:
19:48:17.0343 3620  
19:48:17.0343 3620  OS Version: 5.1.2600 ServicePack: 3.0
19:48:17.0343 3620  Product type: Workstation
19:48:17.0343 3620  ComputerName: FOUNDATION
19:48:17.0343 3620  UserName: Patrick
19:48:17.0343 3620  Windows directory: C:\WINDOWS
19:48:17.0343 3620  System windows directory: C:\WINDOWS
19:48:17.0343 3620  Processor architecture: Intel x86
19:48:17.0343 3620  Number of processors: 4
19:48:17.0343 3620  Page size: 0x1000
19:48:17.0343 3620  Boot type: Normal boot
19:48:17.0343 3620  ============================================================
19:48:17.0937 3620  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:48:17.0937 3620  ============================================================
19:48:17.0937 3620  \Device\Harddisk0\DR0:
19:48:17.0937 3620  MBR partitions:
19:48:17.0937 3620  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x39CCEE0B
19:48:17.0937 3620  ============================================================
19:48:17.0984 3620  C: <-> \Device\Harddisk0\DR0\Partition1
19:48:17.0984 3620  ============================================================
19:48:17.0984 3620  Initialize success
19:48:17.0984 3620  ============================================================
19:48:21.0234 3676  ============================================================
19:48:21.0250 3676  Scan started
19:48:21.0250 3676  Mode: Manual; 
19:48:21.0250 3676  ============================================================
19:48:21.0421 3676  ================ Scan system memory ========================
19:48:21.0421 3676  System memory - ok
19:48:21.0421 3676  ================ Scan services =============================
19:48:29.0421 3676  VSS - ok
19:48:29.0453 3676  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
19:48:29.0453 3676  W32Time - ok
19:48:29.0468 3676  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:48:29.0468 3676  Wanarp - ok
19:48:29.0468 3676  WDICA - ok
19:48:29.0484 3676  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:48:29.0484 3676  wdmaud - ok
19:48:29.0484 3676  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:48:29.0484 3676  WebClient - ok
19:48:29.0562 3676  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:48:29.0578 3676  winmgmt - ok
19:48:29.0609 3676  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:48:29.0640 3676  WmdmPmSN - ok
19:48:29.0671 3676  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:48:29.0687 3676  Wmi - ok
19:48:29.0703 3676  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:48:29.0703 3676  WmiApSrv - ok
19:48:29.0734 3676  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:48:29.0734 3676  WS2IFSL - ok
19:48:29.0765 3676  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:48:29.0765 3676  wscsvc - ok
19:48:29.0765 3676  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:48:29.0796 3676  wuauserv - ok
19:48:29.0812 3676  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:48:29.0859 3676  WudfPf - ok
19:48:29.0890 3676  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:48:29.0937 3676  WudfRd - ok
19:48:29.0968 3676  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:48:29.0984 3676  WudfSvc - ok
19:48:30.0031 3676  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:48:30.0046 3676  WZCSVC - ok
19:48:30.0078 3676  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:48:30.0125 3676  xmlprov - ok
19:48:30.0125 3676  ================ Scan global ===============================
19:48:30.0156 3676  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:48:30.0218 3676  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:48:30.0234 3676  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:48:30.0265 3676  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:48:30.0265 3676  [Global] - ok
19:48:30.0265 3676  ================ Scan MBR ==================================
19:48:30.0296 3676  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:48:30.0421 3676  \Device\Harddisk0\DR0 - ok
19:48:30.0421 3676  ================ Scan VBR ==================================
19:48:30.0421 3676  [ D0DC5864B400F68FC1F0DC7CFE2928CB ] \Device\Harddisk0\DR0\Partition1
19:48:30.0421 3676  \Device\Harddisk0\DR0\Partition1 - ok
19:48:30.0421 3676  ============================================================
19:48:30.0421 3676  Scan finished
19:48:30.0421 3676  ============================================================
19:48:30.0437 2384  Detected object count: 0
19:48:30.0437 2384  Actual detected object count: 0
19:48:52.0406 1700  Deinitialize success
 


#8 Chesterton Brown

  • Topic Starter
  • Members
Posted 27 March 2013 - 10:17 PM

I was able to download a .csv of the data provided by Comcast. I've pasted it in below.

 

 


advisory:          Unclassified
botnet_name:       Adware_Criminal_Financial_SProtector
intent:            Multi-Purpose
severity_index:    84
last_seen:         1364386867
times_seen:        31
msrt:              FakeSecSen
description:       Unclassified
ccast_name:        Unclassified
ccast_description: Unclassified

 


Edited by Chesterton Brown, 27 March 2013 - 10:22 PM.


#9 boopme

  • Global Moderator
  • Location: NJ USA

Posted 27 March 2013 - 10:24 PM

OK as we cannot actually access the file I want to start a new topic.

Name it... Comcast says I have a Bot.

I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

 

Include this link back to here...

 

http://www.bleepingcomputer.com/forums/t/489976/comcast-constant-guard-service-alert-infected-with-a-bot/#entry3013848
 



#10 Chesterton Brown

  • Topic Starter
  • Members

Posted 27 March 2013 - 11:18 PM

Ok, I have done that. Thank you again for all of your help!



#11 boopme

  • Global Moderator
  • Location: NJ USA

Posted 28 March 2013 - 03:54 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

