Trojan:Win32/sirefref!crg


This topic is locked
36 replies to this topic

#1 prairiedances (Members, 86 posts)

Posted 29 July 2013 - 12:41 PM

I have both Malwarebytes and Windows Security Essentials on my computer. While I was running Malwarebytes, Windows Security Essentials came up with an alert asking to delete the "Trojan:Win32/Sirefref!crg". It deleted it and the Malwarebytes scan came up clean. I re-ran Windows Security Essentials after that just to be sure and that came up clean also. I then went to the Am I infected? What do I do? forum where I ran TDSSKiller then ESET online scanner. The results of the online scanner were:

 

C:\Documents and Settings\Grant Writer\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab    Win32/OpenCandy application
C:\Documents and Settings\Grant Writer\Local Settings\Temporary Internet Files\Content.IE5\M0QLSIJP\stubinst_pkg_en-us[1].cab    Win32/OpenCandy application
C:\Documents and Settings\Grant Writer\My Documents\Downloads\Flash_Player_Setup.exe    a variant of Win32/Toolbar.Babylon.A application

 

I was instructed to come here because "it looks like the malware has been hooking inside the system and patching original drivers" and to do a new post after running DDS.

 

Please help! Thanks.

 

 

 

Attached Files




 


#2 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, Location: USA)

Posted 30 July 2013 - 02:08 PM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that... Let's get going!!
----------
 
Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------
 
AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
----------

 


#3 prairiedances (Topic Starter, Members, 86 posts)

Posted 30 July 2013 - 10:45 PM

Hi Jeff. Thank you for getting back to me. I won't be at that computer until tomorrow afternoon - I'll get started then and follow your instructions :)



#4 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, Location: USA)

Posted 31 July 2013 - 06:45 AM

Ok  :)


 


#5 prairiedances (Topic Starter, Members, 86 posts)

Posted 31 July 2013 - 09:13 AM

Sorry, actually won't be until tomorrow. Thanks again :)



#6 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, Location: USA)

Posted 31 July 2013 - 11:03 AM

No problem.  :)


 


#7 prairiedances (Topic Starter, Members, 86 posts)

Posted 01 August 2013 - 08:13 AM

Hi Jeff. I tried to download aswMBR but the computer won't let me. It just keeps saying it's about to start downloading then never does. Should I try it in safe mode?



#8 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, Location: USA)

Posted 01 August 2013 - 11:11 AM

Hi,
 
Thanks for letting me know.  Let's try a different tool....
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

 


#9 prairiedances (Topic Starter, Members, 86 posts)

Posted 01 August 2013 - 12:05 PM

Hi, I ran TDSSKiller before and attached the logs to my first post. I didn't mention that at first, sorry. Are those logs ok or should I run another one? Thanks, I re-attached the logs.

Attached Files



#10 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, Location: USA)

Posted 01 August 2013 - 02:23 PM

Hi,
 
I saw that you had run TDSSKiller but the log was not there. You did post the logs from DDS which helps greatly. :)
 
If you need to run TDSSKiller again to get the log please do that and then post that log as well.


 

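Added example (not code from this thread, from BleepingComputer or from Kaspersky): a Python script that parses a TDSSKiller text report of the kind requested above into per-service records and runs the three checks a responder actually wants from it, namely which service entries have no file on disk, which received a verdict other than "ok", and which on-disk hashes differ from a known-good baseline, which is the direct test of the "patching original drivers" concern raised in the first post. The sample report, the xyzdrv and fakesvc entries, the "suspicious" verdict text and the baseline hashes are constructed for this example; only the line layout follows the report format quoted in this thread.

```python
"""Triage a TDSSKiller text report: extract per-service records and check them.

Added example for this thread; not the thread's code and not Kaspersky's. It
assumes only the line layout visible in such reports:
  <hh:mm:ss.ffff> <tid>  [ <MD5> ] <service name>   <path>
  <hh:mm:ss.ffff> <tid>  <service name> - <verdict>
grouped under '================ Scan services =====' style section headers.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PREFIX_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(?P<body>.*)$")
HEADER_RE = re.compile(r"^=+\s*(?P<section>[^=]+?)\s*=+$")
# Name is non-greedy so names containing spaces ("Net Driver HPZ12") still
# split correctly from a path that begins with a drive letter.
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\\S.*)$")


@dataclass
class ServiceRecord:
    name: str
    section: str
    md5: Optional[str] = None      # MD5 of the on-disk image, when one was found
    path: Optional[str] = None     # None when the entry has no file on disk
    verdict: Optional[str] = None  # text after ' - ', e.g. 'ok'


def parse_tdsskiller(text: str) -> Dict[str, ServiceRecord]:
    """Return records keyed by service name, in report order."""
    records: Dict[str, ServiceRecord] = {}
    section: Optional[str] = None
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        if body.startswith("="):          # section header or a plain separator
            h = HEADER_RE.match(body)
            section = h.group("section").strip() if h else None
            continue
        if not (section and section.startswith("Scan ")):
            continue                      # drive/partition preamble etc.
        f = FILE_RE.match(body)
        if f:
            rec = records.setdefault(f["name"], ServiceRecord(f["name"], section))
            rec.md5, rec.path = f["md5"].upper(), f["path"]
        elif " - " in body:
            name, verdict = body.rsplit(" - ", 1)
            rec = records.setdefault(name, ServiceRecord(name, section))
            rec.verdict = verdict.strip()
    return records


def entries_without_file(records: Dict[str, ServiceRecord]) -> List[str]:
    """Service entries listed with no backing file. On Windows XP this is normal
    for in-box legacy driver entries (Abiosdsk, Aha154x, ...): a look-up list,
    not a detection list."""
    return [r.name for r in records.values()
            if r.section == "Scan services" and r.path is None]


def flagged_entries(records: Dict[str, ServiceRecord]) -> List[Tuple[str, str]]:
    """Every entry whose verdict is anything other than 'ok'."""
    return [(r.name, r.verdict) for r in records.values()
            if r.verdict is not None and r.verdict.lower() != "ok"]


def hash_mismatches(records: Dict[str, ServiceRecord],
                    baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Compare reported MD5s with a known-good baseline keyed by lower-cased
    path; returns (path, expected, reported) for every file whose hash differs."""
    out = []
    for r in records.values():
        if r.path and r.md5:
            expected = baseline.get(r.path.lower())
            if expected and expected.upper() != r.md5:
                out.append((r.path, expected.upper(), r.md5))
    return out


# Constructed sample in the layout quoted in this thread. The 'xyzdrv' entry,
# the 'fakesvc' lines, its verdict text and both all-digit hashes are placeholders.
SAMPLE_REPORT = r"""
15:25:21.0828 1976  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
15:25:40.0296 2096  ============================================================
15:25:40.0296 2096  Scan started
15:25:40.0437 2096  ================ Scan system memory ========================
15:25:40.0437 2096  System memory - ok
15:25:40.0437 2096  ================ Scan services =============================
15:25:40.0828 2096  Abiosdsk - ok
15:25:41.0484 2096  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:25:41.0484 2096  atapi - ok
15:25:46.0531 2096  [ 9EAC175BA34898308620C1984C881845 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
15:25:46.0531 2096  Net Driver HPZ12 - ok
15:25:46.0600 2096  xyzdrv - ok
15:25:47.0000 2096  [ 00000000000000000000000000000000 ] fakesvc         C:\WINDOWS\system32\DRIVERS\fakesvc.sys
15:25:47.0000 2096  fakesvc - suspicious
"""

# Constructed baseline (a real one comes from a clean reference install of the
# same service pack, or a vendor hash set), keyed by lower-cased path.
BASELINE_MD5 = {
    r"c:\windows\system32\drivers\atapi.sys": "9F3A2F5AA6875C72BF062C712CFA2674",
    r"c:\windows\system32\drivers\fakesvc.sys": "11111111111111111111111111111111",
}

if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_REPORT)
    print("no file on disk:", entries_without_file(recs))
    print("not ok:", flagged_entries(recs))
    for path, expected, reported in hash_mismatches(recs, BASELINE_MD5):
        print(f"hash mismatch: {path} expected {expected}, report says {reported}")
```

Run it as-is to see the three lists for the constructed sample, or read the log TDSSKiller saves to the root of the drive and pass its contents to parse_tdsskiller(). Entries without a file are only a look-up list: Windows XP ships many legacy service entries (Abiosdsk, Aha154x, AliIde and the like) that have no driver on disk and are harmless, so the hash comparison against a clean baseline is the check that actually answers whether an original driver has been altered.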

#11 prairiedances (Topic Starter, Members, 86 posts)

Posted 01 August 2013 - 02:30 PM

You're right, my apologies. I got the two confused. I posted the log for TDSSKiller in the other thread. When I ran it that time the log didn't come up but said that it scanned 314 objects and found 305 threats. I ran it again and no threats came up and neither did the log. I clicked on report and got this:

 

 

15:25:21.0171 1976  Windows directory: C:\WINDOWS
15:25:21.0171 1976  System windows directory: C:\WINDOWS
15:25:21.0171 1976  Processor architecture: Intel x86
15:25:21.0171 1976  Number of processors: 2
15:25:21.0171 1976  Page size: 0x1000
15:25:21.0171 1976  Boot type: Normal boot
15:25:21.0171 1976  ============================================================
15:25:21.0828 1976  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:25:21.0890 1976  Drive \Device\Harddisk6\DR8 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:25:21.0890 1976  ============================================================
15:25:21.0890 1976  \Device\Harddisk0\DR0:
15:25:21.0890 1976  MBR partitions:
15:25:21.0890 1976  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1120EDA1
15:25:21.0890 1976  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11212CA1, BlocksNum 0x1801F5F
15:25:21.0890 1976  \Device\Harddisk6\DR8:
15:25:21.0890 1976  MBR partitions:
15:25:21.0890 1976  \Device\Harddisk6\DR8\Partition1: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
15:25:21.0890 1976  ============================================================
15:25:21.0921 1976  C: <-> \Device\Harddisk0\DR0\Partition1
15:25:21.0937 1976  D: <-> \Device\Harddisk0\DR0\Partition2
15:25:21.0953 1976  ============================================================
15:25:21.0953 1976  Initialize success
15:25:21.0953 1976  ============================================================
15:25:40.0296 2096  ============================================================
15:25:40.0296 2096  Scan started
15:25:40.0296 2096  Mode: Manual;
15:25:40.0296 2096  ============================================================
15:25:40.0437 2096  ================ Scan system memory ========================
15:25:40.0437 2096  System memory - ok
15:25:40.0437 2096  ================ Scan services =============================
15:25:40.0562 2096  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:25:40.0562 2096  !SASCORE - ok
15:25:40.0656 2096  0176251236890864mcinstcleanup - ok
15:25:40.0828 2096  Abiosdsk - ok
15:25:40.0828 2096  abp480n5 - ok
15:25:40.0890 2096  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
15:25:40.0890 2096  ac97intc - ok
15:25:40.0937 2096  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:25:40.0937 2096  ACPI - ok
15:25:40.0953 2096  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
15:25:40.0953 2096  ACPIEC - ok
15:25:40.0968 2096  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:25:40.0968 2096  adpu160m - ok
15:25:41.0000 2096  [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320         C:\WINDOWS\system32\DRIVERS\adpu320.sys
15:25:41.0046 2096  adpu320 - ok
15:25:41.0078 2096  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:25:41.0078 2096  aec - ok
15:25:41.0140 2096  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:25:41.0140 2096  AFD - ok
15:25:41.0140 2096  Aha154x - ok
15:25:41.0171 2096  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:25:41.0187 2096  aic78u2 - ok
15:25:41.0187 2096  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:25:41.0187 2096  aic78xx - ok
15:25:41.0218 2096  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:25:41.0218 2096  Alerter - ok
15:25:41.0234 2096  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
15:25:41.0234 2096  ALG - ok
15:25:41.0250 2096  AliIde - ok
15:25:41.0250 2096  amsint - ok
15:25:41.0281 2096  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:25:41.0281 2096  AppMgmt - ok
15:25:41.0296 2096  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:25:41.0296 2096  Arp1394 - ok
15:25:41.0296 2096  asc - ok
15:25:41.0312 2096  asc3350p - ok
15:25:41.0312 2096  asc3550 - ok
15:25:41.0421 2096  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:25:41.0437 2096  aspnet_state - ok
15:25:41.0468 2096  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:25:41.0468 2096  AsyncMac - ok
15:25:41.0484 2096  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:25:41.0484 2096  atapi - ok
15:25:41.0484 2096  Atdisk - ok
15:25:41.0515 2096  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:25:41.0515 2096  Atmarpc - ok
15:25:41.0546 2096  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:25:41.0546 2096  AudioSrv - ok
15:25:41.0593 2096  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:25:41.0593 2096  audstub - ok
15:25:41.0671 2096  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
15:25:41.0687 2096  BcmSqlStartupSvc - ok
15:25:41.0687 2096  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:25:41.0687 2096  Beep - ok
15:25:41.0734 2096  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
15:25:41.0734 2096  BITS - ok
15:25:41.0781 2096  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
15:25:41.0781 2096  Browser - ok
15:25:41.0812 2096  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:25:41.0812 2096  cbidf2k - ok
15:25:41.0828 2096  cd20xrnt - ok
15:25:41.0843 2096  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:25:41.0843 2096  Cdaudio - ok
15:25:41.0890 2096  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:25:41.0890 2096  Cdfs - ok
15:25:41.0890 2096  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:25:41.0906 2096  Cdrom - ok
15:25:41.0906 2096  Changer - ok
15:25:41.0937 2096  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:25:41.0937 2096  CiSvc - ok
15:25:41.0968 2096  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:25:41.0968 2096  ClipSrv - ok
15:25:42.0000 2096  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:25:42.0046 2096  clr_optimization_v2.0.50727_32 - ok
15:25:42.0046 2096  CmdIde - ok
15:25:42.0046 2096  COMSysApp - ok
15:25:42.0062 2096  Cpqarray - ok
15:25:42.0078 2096  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:25:42.0078 2096  CryptSvc - ok
15:25:42.0078 2096  dac2w2k - ok
15:25:42.0078 2096  dac960nt - ok
15:25:42.0125 2096  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:25:42.0140 2096  DcomLaunch - ok
15:25:42.0187 2096  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:25:42.0187 2096  Dhcp - ok
15:25:42.0218 2096  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:25:42.0218 2096  Disk - ok
15:25:42.0218 2096  dmadmin - ok
15:25:42.0265 2096  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:25:42.0281 2096  dmboot - ok
15:25:42.0296 2096  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:25:42.0296 2096  dmio - ok
15:25:42.0312 2096  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:25:42.0312 2096  dmload - ok
15:25:42.0343 2096  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:25:42.0343 2096  dmserver - ok
15:25:42.0343 2096  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:25:42.0343 2096  DMusic - ok
15:25:42.0390 2096  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:25:42.0390 2096  Dnscache - ok
15:25:42.0421 2096  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:25:42.0421 2096  Dot3svc - ok
15:25:42.0421 2096  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:25:42.0437 2096  dpti2o - ok
15:25:42.0468 2096  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:25:42.0468 2096  drmkaud - ok
15:25:42.0484 2096  [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:25:42.0500 2096  E100B - ok
15:25:42.0531 2096  [ 6A738BEE58FF3D2F237157082E799DE8 ] e1yexpress      C:\WINDOWS\system32\DRIVERS\e1y5132.sys
15:25:42.0531 2096  e1yexpress - ok
15:25:42.0546 2096  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:25:42.0562 2096  EapHost - ok
15:25:42.0593 2096  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:25:42.0593 2096  ERSvc - ok
15:25:42.0640 2096  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
15:25:42.0640 2096  Eventlog - ok
15:25:42.0687 2096  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
15:25:42.0687 2096  EventSystem - ok
15:25:42.0703 2096  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:25:42.0718 2096  Fastfat - ok
15:25:42.0765 2096  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:25:42.0765 2096  FastUserSwitchingCompatibility - ok
15:25:42.0796 2096  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
15:25:42.0796 2096  Fdc - ok
15:25:42.0812 2096  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:25:42.0812 2096  Fips - ok
15:25:42.0828 2096  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:25:42.0843 2096  Flpydisk - ok
15:25:42.0843 2096  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
15:25:42.0843 2096  FltMgr - ok
15:25:42.0937 2096  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:25:42.0937 2096  FontCache3.0.0.0 - ok
15:25:42.0984 2096  [ 037B3AB349BE884BB8CB9C5356E34717 ] FSLX            C:\WINDOWS\system32\drivers\fslx.sys
15:25:42.0984 2096  FSLX - ok
15:25:43.0015 2096  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:25:43.0015 2096  Fs_Rec - ok
15:25:43.0031 2096  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:25:43.0031 2096  Ftdisk - ok
15:25:43.0062 2096  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:25:43.0078 2096  Gpc - ok
15:25:43.0140 2096  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:25:43.0140 2096  gupdate - ok
15:25:43.0140 2096  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:25:43.0140 2096  gupdatem - ok
15:25:43.0187 2096  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:25:43.0203 2096  gusvc - ok
15:25:43.0250 2096  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:25:43.0250 2096  HDAudBus - ok
15:25:43.0343 2096  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:25:43.0343 2096  helpsvc - ok
15:25:43.0375 2096  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
15:25:43.0375 2096  HidServ - ok
15:25:43.0406 2096  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:25:43.0406 2096  HidUsb - ok
15:25:43.0453 2096  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:25:43.0453 2096  hkmsvc - ok
15:25:43.0453 2096  hljqshpu - ok
15:25:43.0484 2096  [ E4E0B356A8756066CF89080D9DA69F22 ] HPFXBULK        C:\WINDOWS\system32\drivers\hpfxbulk.sys
15:25:43.0484 2096  HPFXBULK - ok
15:25:43.0500 2096  hpn - ok
15:25:43.0515 2096  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:25:43.0515 2096  HPZid412 - ok
15:25:43.0546 2096  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:25:43.0546 2096  HPZipr12 - ok
15:25:43.0562 2096  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:25:43.0562 2096  HPZius12 - ok
15:25:43.0609 2096  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:25:43.0625 2096  HTTP - ok
15:25:43.0671 2096  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:25:43.0671 2096  HTTPFilter - ok
15:25:43.0671 2096  i2omgmt - ok
15:25:43.0687 2096  i2omp - ok
15:25:43.0703 2096  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:25:43.0703 2096  i8042prt - ok
15:25:43.0750 2096  [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x            C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
15:25:43.0750 2096  i81x - ok
15:25:43.0781 2096  [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0         C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
15:25:43.0781 2096  iAimFP0 - ok
15:25:43.0796 2096  [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1         C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
15:25:43.0796 2096  iAimFP1 - ok
15:25:43.0796 2096  [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2         C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
15:25:43.0796 2096  iAimFP2 - ok
15:25:43.0812 2096  [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3         C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
15:25:43.0812 2096  iAimFP3 - ok
15:25:43.0828 2096  [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4         C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
15:25:43.0828 2096  iAimFP4 - ok
15:25:43.0843 2096  [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5         C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
15:25:43.0843 2096  iAimFP5 - ok
15:25:43.0843 2096  [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6         C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
15:25:43.0843 2096  iAimFP6 - ok
15:25:43.0859 2096  [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7         C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
15:25:43.0859 2096  iAimFP7 - ok
15:25:43.0859 2096  [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0         C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
15:25:43.0859 2096  iAimTV0 - ok
15:25:43.0875 2096  [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1         C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
15:25:43.0875 2096  iAimTV1 - ok
15:25:43.0890 2096  [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3         C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
15:25:43.0890 2096  iAimTV3 - ok
15:25:43.0906 2096  [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4         C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
15:25:43.0906 2096  iAimTV4 - ok
15:25:43.0906 2096  [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5         C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
15:25:43.0921 2096  iAimTV5 - ok
15:25:43.0921 2096  [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6         C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
15:25:43.0921 2096  iAimTV6 - ok
15:25:44.0109 2096  [ 00CD8ECE5983C6175A78230653FFDBF1 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:25:44.0250 2096  ialm - ok
15:25:44.0296 2096  [ 42BE6406094936A23280D68D9AEC33D0 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:25:44.0296 2096  iaStor - ok
15:25:44.0390 2096  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:25:44.0406 2096  idsvc - ok
15:25:44.0437 2096  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:25:44.0437 2096  Imapi - ok
15:25:44.0484 2096  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:25:44.0484 2096  ImapiService - ok
15:25:44.0484 2096  ini910u - ok
15:25:44.0609 2096  [ 3FD00A073361937B705822775255D4E0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:25:44.0734 2096  IntcAzAudAddService - ok
15:25:44.0765 2096  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
15:25:44.0765 2096  IntelIde - ok
15:25:44.0812 2096  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:25:44.0812 2096  intelppm - ok
15:25:44.0828 2096  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
15:25:44.0828 2096  Ip6Fw - ok
15:25:44.0875 2096  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:25:44.0875 2096  IpFilterDriver - ok
15:25:44.0890 2096  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:25:44.0890 2096  IpInIp - ok
15:25:44.0906 2096  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:25:44.0921 2096  IpNat - ok
15:25:44.0921 2096  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:25:44.0921 2096  IPSec - ok
15:25:44.0953 2096  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:25:44.0953 2096  IRENUM - ok
15:25:44.0984 2096  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:25:44.0984 2096  isapnp - ok
15:25:45.0031 2096  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:25:45.0031 2096  IviRegMgr - ok
15:25:45.0031 2096  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:25:45.0031 2096  Kbdclass - ok
15:25:45.0046 2096  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:25:45.0046 2096  kbdhid - ok
15:25:45.0062 2096  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:25:45.0062 2096  kmixer - ok
15:25:45.0062 2096  kqvpscbt - ok
15:25:45.0093 2096  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:25:45.0093 2096  KSecDD - ok
15:25:45.0125 2096  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
15:25:45.0125 2096  lanmanserver - ok
15:25:45.0171 2096  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:25:45.0171 2096  lanmanworkstation - ok
15:25:45.0171 2096  lbrtfdc - ok
15:25:45.0218 2096  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:25:45.0218 2096  LmHosts - ok
15:25:45.0250 2096  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
15:25:45.0250 2096  MBAMProtector - ok
15:25:45.0328 2096  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:25:45.0343 2096  MBAMScheduler - ok
15:25:45.0406 2096  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:25:45.0421 2096  MBAMService - ok
15:25:45.0453 2096  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:25:45.0453 2096  Messenger - ok
15:25:45.0484 2096  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:25:45.0484 2096  mnmdd - ok
15:25:45.0515 2096  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:25:45.0531 2096  mnmsrvc - ok
15:25:45.0546 2096  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:25:45.0546 2096  Modem - ok
15:25:45.0578 2096  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:25:45.0578 2096  Mouclass - ok
15:25:45.0625 2096  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:25:45.0625 2096  mouhid - ok
15:25:45.0625 2096  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:25:45.0640 2096  MountMgr - ok
15:25:45.0687 2096  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:25:45.0687 2096  MozillaMaintenance - ok
15:25:45.0703 2096  [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:25:45.0718 2096  MpFilter - ok
15:25:45.0859 2096  [ A69630D039C38018689190234F866D77 ] MpKsl7471396a   c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7825E6CE-E40E-45AC-9E5B-38A476D71F47}\MpKsl7471396a.sys
15:25:45.0859 2096  MpKsl7471396a - ok
15:25:45.0859 2096  mraid35x - ok
15:25:45.0890 2096  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:25:45.0890 2096  MRxDAV - ok
15:25:45.0937 2096  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:25:45.0953 2096  MRxSmb - ok
15:25:46.0000 2096  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:25:46.0000 2096  MSDTC - ok
15:25:46.0000 2096  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:25:46.0000 2096  Msfs - ok
15:25:46.0000 2096  MSIServer - ok
15:25:46.0031 2096  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:25:46.0031 2096  MSKSSRV - ok
15:25:46.0109 2096  [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc         c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:25:46.0109 2096  MsMpSvc - ok
15:25:46.0140 2096  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:25:46.0140 2096  MSPCLOCK - ok
15:25:46.0140 2096  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:25:46.0140 2096  MSPQM - ok
15:25:46.0171 2096  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:25:46.0171 2096  mssmbios - ok
15:25:46.0218 2096  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:25:46.0218 2096  Mup - ok
15:25:46.0265 2096  [ 03CA886BA148B6B9996BE1368DDC3FC0 ] NAL             C:\WINDOWS\system32\Drivers\iqvw32.sys
15:25:46.0265 2096  NAL - ok
15:25:46.0328 2096  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:25:46.0328 2096  napagent - ok
15:25:46.0359 2096  [ 8716356E49A665BDC7B114725B60A456 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:25:46.0375 2096  NDIS - ok
15:25:46.0406 2096  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:25:46.0406 2096  NdisTapi - ok
15:25:46.0437 2096  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:25:46.0437 2096  Ndisuio - ok
15:25:46.0453 2096  [ 5526CFEBB619F7F763BD6A2E1B618078 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:25:46.0453 2096  NdisWan - ok
15:25:46.0500 2096  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:25:46.0500 2096  NDProxy - ok
15:25:46.0531 2096  [ 9EAC175BA34898308620C1984C881845 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
15:25:46.0531 2096  Net Driver HPZ12 - ok
15:25:46.0546 2096  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:25:46.0546 2096  NetBIOS - ok
15:25:46.0562 2096  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:25:46.0562 2096  NetBT - ok
15:25:46.0593 2096  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:25:46.0593 2096  NetDDE - ok
15:25:46.0593 2096  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:25:46.0593 2096  NetDDEdsdm - ok
15:25:46.0640 2096  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:25:46.0640 2096  Netlogon - ok
15:25:46.0640 2096  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
15:25:46.0656 2096  Netman - ok
15:25:46.0687 2096  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:25:46.0687 2096  NetTcpPortSharing - ok
15:25:46.0718 2096  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:25:46.0718 2096  NIC1394 - ok
15:25:46.0750 2096  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:25:46.0750 2096  Nla - ok
15:25:46.0796 2096  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:25:46.0796 2096  Npfs - ok
15:25:46.0812 2096  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:25:46.0828 2096  Ntfs - ok
15:25:46.0828 2096  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:25:46.0828 2096  NtLmSsp - ok
15:25:46.0859 2096  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:25:46.0875 2096  NtmsSvc - ok
15:25:46.0921 2096  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:25:46.0921 2096  Null - ok
15:25:46.0937 2096  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:25:46.0937 2096  NwlnkFlt - ok
15:25:46.0953 2096  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:25:46.0953 2096  NwlnkFwd - ok
15:25:46.0953 2096  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:25:46.0953 2096  ohci1394 - ok
15:25:47.0046 2096  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:25:47.0062 2096  ose - ok
15:25:47.0093 2096  [ C90018BAFDC7098619A4A95B046B30F3 ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
15:25:47.0109 2096  P3 - ok
15:25:47.0125 2096  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
15:25:47.0125 2096  Parport - ok
15:25:47.0140 2096  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:25:47.0140 2096  PartMgr - ok
15:25:47.0156 2096  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:25:47.0156 2096  ParVdm - ok
15:25:47.0234 2096  [ 2A42DDAEAAE7743C55A3FA68A7AD9538 ] PCA             C:\WINDOWS\SMINST\PCAngel.exe
15:25:47.0796 2096  PCA - ok
15:25:47.0812 2096  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:25:47.0812 2096  PCI - ok
15:25:47.0828 2096  PCIDump - ok
15:25:47.0843 2096  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:25:47.0843 2096  PCIIde - ok
15:25:47.0875 2096  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:25:47.0875 2096  Pcmcia - ok
15:25:47.0890 2096  PDCOMP - ok
15:25:47.0890 2096  PDFRAME - ok
15:25:47.0890 2096  PDRELI - ok
15:25:47.0890 2096  PDRFRAME - ok
15:25:47.0906 2096  perc2 - ok
15:25:47.0906 2096  perc2hib - ok
15:25:47.0937 2096  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
15:25:47.0937 2096  PlugPlay - ok
15:25:47.0968 2096  [ 75CF9DE0A67AF916ED591743DFB69694 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
15:25:47.0968 2096  Pml Driver HPZ12 - ok
15:25:47.0984 2096  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:25:47.0984 2096  PolicyAgent - ok
15:25:48.0000 2096  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:25:48.0000 2096  PptpMiniport - ok
15:25:48.0000 2096  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:25:48.0000 2096  ProtectedStorage - ok
15:25:48.0000 2096  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:25:48.0015 2096  PSched - ok
15:25:48.0046 2096  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:25:48.0046 2096  Ptilink - ok
15:25:48.0062 2096  ql1080 - ok
15:25:48.0062 2096  Ql10wnt - ok
15:25:48.0062 2096  ql12160 - ok
15:25:48.0062 2096  ql1240 - ok
15:25:48.0078 2096  ql1280 - ok
15:25:48.0078 2096  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:25:48.0078 2096  RasAcd - ok
15:25:48.0109 2096  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:25:48.0109 2096  RasAuto - ok
15:25:48.0140 2096  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:25:48.0140 2096  Rasl2tp - ok
15:25:48.0187 2096  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:25:48.0187 2096  RasMan - ok
15:25:48.0187 2096  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:25:48.0187 2096  RasPppoe - ok
15:25:48.0218 2096  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:25:48.0234 2096  Raspti - ok
15:25:48.0250 2096  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:25:48.0250 2096  Rdbss - ok
15:25:48.0250 2096  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:25:48.0250 2096  RDPCDD - ok
15:25:48.0265 2096  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:25:48.0265 2096  rdpdr - ok
15:25:48.0312 2096  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:25:48.0312 2096  RDPWD - ok
15:25:48.0328 2096  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:25:48.0343 2096  RDSessMgr - ok
15:25:48.0406 2096  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
15:25:48.0406 2096  RealNetworks Downloader Resolver Service - ok
15:25:48.0421 2096  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:25:48.0437 2096  redbook - ok
15:25:48.0468 2096  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:25:48.0468 2096  RemoteAccess - ok
15:25:48.0484 2096  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:25:48.0484 2096  RemoteRegistry - ok
15:25:48.0500 2096  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:25:48.0500 2096  RpcLocator - ok
15:25:48.0515 2096  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
15:25:48.0515 2096  RpcSs - ok
15:25:48.0546 2096  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:25:48.0546 2096  RSVP - ok
15:25:48.0578 2096  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:25:48.0578 2096  SamSs - ok
15:25:48.0609 2096  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:25:48.0609 2096  SASDIFSV - ok
15:25:48.0625 2096  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:25:48.0625 2096  SASKUTIL - ok
15:25:48.0625 2096  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:25:48.0625 2096  SCardSvr - ok
15:25:48.0671 2096  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:25:48.0671 2096  Schedule - ok
15:25:48.0718 2096  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:25:48.0718 2096  Secdrv - ok
15:25:48.0750 2096  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:25:48.0750 2096  seclogon - ok
15:25:48.0750 2096  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
15:25:48.0765 2096  SENS - ok
15:25:48.0796 2096  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
15:25:48.0796 2096  serenum - ok
15:25:48.0828 2096  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
15:25:48.0828 2096  Serial - ok
15:25:48.0859 2096  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
15:25:48.0875 2096  Sfloppy - ok
15:25:48.0906 2096  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:25:48.0906 2096  SharedAccess - ok
15:25:48.0921 2096  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:25:48.0921 2096  ShellHWDetection - ok
15:25:48.0937 2096  Simbad - ok
15:25:48.0937 2096  Sparrow - ok
15:25:48.0953 2096  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:25:48.0953 2096  splitter - ok
15:25:49.0000 2096  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:25:49.0000 2096  Spooler - ok
15:25:49.0046 2096  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:25:49.0046 2096  sr - ok
15:25:49.0093 2096  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:25:49.0093 2096  srservice - ok
15:25:49.0125 2096  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:25:49.0125 2096  Srv - ok
15:25:49.0156 2096  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:25:49.0156 2096  SSDPSRV - ok
15:25:49.0171 2096  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:25:49.0171 2096  stisvc - ok
15:25:49.0203 2096  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:25:49.0218 2096  swenum - ok
15:25:49.0218 2096  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:25:49.0218 2096  swmidi - ok
15:25:49.0234 2096  SwPrv - ok
15:25:49.0265 2096  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
15:25:49.0281 2096  symc810 - ok
15:25:49.0281 2096  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:25:49.0281 2096  symc8xx - ok
15:25:49.0296 2096  [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi          C:\WINDOWS\system32\DRIVERS\symmpi.sys
15:25:49.0343 2096  Symmpi - ok
15:25:49.0375 2096  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:25:49.0375 2096  sym_hi - ok
15:25:49.0390 2096  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:25:49.0390 2096  sym_u3 - ok
15:25:49.0437 2096  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:25:49.0437 2096  sysaudio - ok
15:25:49.0468 2096  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:25:49.0484 2096  SysmonLog - ok
15:25:49.0500 2096  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:25:49.0500 2096  TapiSrv - ok
15:25:49.0546 2096  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:25:49.0546 2096  Tcpip - ok
15:25:49.0578 2096  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:25:49.0578 2096  TDPIPE - ok
15:25:49.0609 2096  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:25:49.0609 2096  TDTCP - ok
15:25:49.0609 2096  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:25:49.0609 2096  TermDD - ok
15:25:49.0640 2096  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
15:25:49.0640 2096  TermService - ok
15:25:49.0703 2096  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:25:49.0703 2096  Themes - ok
15:25:49.0734 2096  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:25:49.0734 2096  TlntSvr - ok
15:25:49.0750 2096  TosIde - ok
15:25:49.0765 2096  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:25:49.0765 2096  TrkWks - ok
15:25:49.0796 2096  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:25:49.0796 2096  Udfs - ok
15:25:49.0796 2096  ultra - ok
15:25:49.0828 2096  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:25:49.0828 2096  upnphost - ok
15:25:49.0843 2096  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
15:25:49.0843 2096  UPS - ok
15:25:49.0890 2096  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:25:49.0890 2096  usbccgp - ok
15:25:49.0937 2096  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:25:49.0937 2096  usbehci - ok
15:25:49.0953 2096  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:25:49.0953 2096  usbhub - ok
15:25:49.0968 2096  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:25:49.0968 2096  usbprint - ok
15:25:49.0984 2096  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:25:49.0984 2096  usbscan - ok
15:25:49.0984 2096  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:25:49.0984 2096  USBSTOR - ok
15:25:50.0000 2096  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:25:50.0000 2096  usbuhci - ok
15:25:50.0000 2096  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:25:50.0000 2096  VgaSave - ok
15:25:50.0031 2096  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
15:25:50.0031 2096  ViaIde - ok
15:25:50.0046 2096  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:25:50.0046 2096  VolSnap - ok
15:25:50.0093 2096  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
15:25:50.0109 2096  VSS - ok
15:25:50.0125 2096  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
15:25:50.0125 2096  W32Time - ok
15:25:50.0140 2096  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:25:50.0140 2096  Wanarp - ok
15:25:50.0140 2096  WDICA - ok
15:25:50.0156 2096  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:25:50.0156 2096  wdmaud - ok
15:25:50.0171 2096  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:25:50.0171 2096  WebClient - ok
15:25:50.0234 2096  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:25:50.0250 2096  winmgmt - ok
15:25:50.0296 2096  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
15:25:50.0296 2096  WmdmPmSN - ok
15:25:50.0328 2096  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
15:25:50.0343 2096  Wmi - ok
15:25:50.0375 2096  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:25:50.0375 2096  WmiApSrv - ok
15:25:50.0421 2096  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:25:50.0421 2096  wscsvc - ok
15:25:50.0437 2096  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:25:50.0437 2096  wuauserv - ok
15:25:50.0453 2096  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:25:50.0468 2096  WZCSVC - ok
15:25:50.0500 2096  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:25:50.0500 2096  xmlprov - ok
15:25:50.0500 2096  ================ Scan global ===============================
15:25:50.0531 2096  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:25:50.0578 2096  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
15:25:50.0687 2096  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
15:25:50.0687 2096  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:25:50.0687 2096  [Global] - ok
15:25:50.0687 2096  ================ Scan MBR ==================================
15:25:50.0703 2096  [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0
15:25:50.0859 2096  \Device\Harddisk0\DR0 - ok
15:25:50.0875 2096  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR8
15:25:50.0875 2096  \Device\Harddisk6\DR8 - ok
15:25:50.0875 2096  ================ Scan VBR ==================================
15:25:50.0875 2096  [ 850F5865E76DCEF21B4D9E8706332476 ] \Device\Harddisk0\DR0\Partition1
15:25:50.0875 2096  \Device\Harddisk0\DR0\Partition1 - ok
15:25:50.0875 2096  [ 7A5FBBFA03A9CA49185E4069A1AE05C3 ] \Device\Harddisk0\DR0\Partition2
15:25:50.0890 2096  \Device\Harddisk0\DR0\Partition2 - ok
15:25:50.0890 2096  [ A6380468D3847BDF23A3531586097637 ] \Device\Harddisk6\DR8\Partition1
15:25:50.0890 2096  \Device\Harddisk6\DR8\Partition1 - ok
15:25:50.0890 2096  ============================================================
15:25:50.0890 2096  Scan finished
15:25:50.0890 2096  ============================================================
15:25:50.0890 1888  Detected object count: 0
15:25:50.0890 1888  Actual detected object count: 0


Edited by prairiedances, 01 August 2013 - 02:34 PM.


#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:38 AM

Posted 01 August 2013 - 08:50 PM

Please read through these instructions to familiarize yourself with what to expect when this tool runs
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 


RCUpdate1.png

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
RC2-1.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


 


#13 prairiedances

prairiedances
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 02 August 2013 - 10:45 AM

Hi Jeff. Attached is the log. Thanks! After the scan, I enabled Security Essentials, please let me know if that's not ok.

Attached Files

  • Attached File  log.txt   10.74KB   1 downloads


#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:38 AM

Posted 03 August 2013 - 08:34 AM

ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    c:\windows\system32\drivers\hljqshpu.sys
    c:\windows\system32\drivers\kqvpscbt.sys
     
    Driver::
    hljqshpu
    kqvpscbt

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know how your system is running now.   :)


 


#15 prairiedances

prairiedances
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 03 August 2013 - 10:53 AM

Thanks for your help so far :) I won't be at that computer until Monday. Will do as instructed then.





