Peelster1

Honorary Members
  • Posts

    32
Everything posted by Peelster1

  1. OTC did not remove any of the programs, but it did seem to delete itself after the reboot. What else should I try? Seeing how some of these are .exe's if I just put them in the Recycle Bin and emptied it, would they be deleted completely or would some other components remain?
  2. After some use, I have encountered no problems with Internet Explorer. I did have to uninstall Service Pack 3 to uninstall and reinstall Internet Explorer. Service Pack 3 reinstalled successfully after that. Overall, the computer seems to be working completely correctly. The only problem being that Update for Windows XP (KB2633952) cannot install. The programs that I still have on this computer that we used for the malware removal process are RKill (as iExplore), TDSSKiller, aswMBR, and TFC. Please let me know which ones I should delete and which ones (if any) that I should keep. I really would like to thank you for all of your help. I appreciate it tremendously.
  3. I ran Internet Explorer without add-ons and it was still having the issue. I'm going to uninstall and reinstall it and see if it works then.
  4. The message that I was referencing was the one saying "Internet Explorer has encountered a problem and needs to close." It would still close my window and attempt to recover the tab twice and then display the Website Restore Error page. A couple reboots later that message is appearing again. Internet Explorer is still not functioning, luckily I was able to click the download button for Firefox before the page closed out. I downloaded Firefox and it is working properly. Service Pack 3 appears to have installed correctly. Issues remaining: I still have those 4 updates and the Java update to do. Not a big deal. Service Pack 3 did not fix Internet Explorer. I'm going to attempt to reinstall it, as it is my preferred browser. Upon startup I was getting a pop-up message from Windows Security Alert. The message said: To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Pando Media Booster Publisher: Unknown My options were Keep Blocking, Unblock, and Ask Me Later. I chose Keep Blocking because I did some research that told me that it was a program that some video game companies install when you download their games and what it does is that it acts as a torrent seed that allows others to download the game from the company's website faster. However, in doing so it takes up a lot of bandwidth. When I first installed Firefox it gave me a pop-up message with a header of "Add-ons may be causing problems". The pop-up message said: "Firefox has determined that the following add-ons are known to cause stability or security problems: MetaStream 3 Plugin 3.2.2.26 Blocked These add-ons have a high risk of causing stability or security problems and have been blocked, but a restart is required to disable them completely." My options were "Restart Firefox" and "Restart Later". 
I chose "Restart Later" and proceeded to install Service Pack 3 and then restarted my computer to finish Service Pack 3's installation. I have not received this message from Firefox again. I will now attempt to install the 4 Windows Update that could not install previously, as well as that Java update.
  5. After those updates that I mentioned in my previous post installed, the following updates attempted to install upon another reboot. February 2007 CardSpace Update for Windows XP (KB925720) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958470) Security Update for Windows XP (KB973869) Update for Windows XP (KB970430) Update for Windows XP (KB971737) Update for Windows XP (KB981793) However some of those updates did not install successfully. (Some are ones from the last update attempt as well.) UPDATES NOT INSTALLED Security Update for Windows XP (KB958470) Update for Windows XP (KB981793) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB956844) I am still having that Internet Explorer error, however it's not displaying the error message anymore. It just keeps attempting to restore the webpage. After my latest reboot, Windows Security Center recognizes Microsoft Security Essentials as "ON".
  6. Method 2 worked for the uninstallation of Service Pack 3 (in a way.) When I tried the direct path to launch the spuninst.exe, it displayed an error message. However, when I removed the .exe from the Run command, I was able to open the folder containing the spuninst.exe and then was able to double click on it to run Service Pack 3's uninstallation wizard. Upon reboot, Windows Update had 43 updates. (I regret that I didn't take a screenshot of all the updates so I can't tell you what updates were installed.) The majority of the updates were Windows XP Updates and Security Updates, one was an ActiveX update and I remember something along the lines of "killbit". Some updates could not be installed though. Also, I did not see Windows XP Service Pack 3 anywhere in those updates. The updates that could not be installed were: Update for Windows XP (KB981793) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB981349) I then rebooted again using the "Restart Now" button. Hopefully you can tell which updates from the group that installed with the information of the ones that didn't. If not, I'm really sorry I forgot to log that information. I was able to get the Windows Firewall turned on via Windows Security Center, but now Windows Security Center has a status of "Off" for Virus Protection saying: "Windows found multiple antivirus programs on this computer, but they all report that they might be out of date or are turned off. Click Recommendations for suggested actions you can take." The recommendations were: "Update one of your installed antivirus programs. Note: You'll need to make sure that you have a current subscription with your antivirus provider to do this. or Get another antivirus program." However, Microsoft Security Essentials is fully updated and functional. (I even attempted to update it again just to make sure.) 
Another issue that I am having that needs to be resolved ASAP is that whenever I am on any website for a moment I get the following message: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send to help us improve Internet Explorer. We will treat this report as confidential and anonymous. To see what data this error report contains, click here." The data is as follows: AppName: iexplore.exe AppVer: 8.0.6001.18702 ModName: mshtml.dll ModVer: 8.0.6001.19258 Offset: 00209f70 The following file will be included in the error report: C:\DOCUME~1\Nick\LOCALS~1\Temp\2c32_appcompat.txt If I could, I would copy/paste the full error report for you, but it's not able to be copied. After the error displays Internet Explorer attempts to restore the webpage twice before giving a Website Restore Error. So far, this is happening with all websites. Google is almost instantly, for Bing I'm barely able to search and it happens on this forum in about a minute after I arrive on the webpage. (So I ended up having to type this up in notepad.) It also happens anytime I click on any of my favorites. If you can give me a direct link to redownload and reinstall Service Pack 3, I would really appreciate it. Internet Explorer is also closing itself on Microsoft's website, so I can't get to it. I'm hoping that once Service Pack 3 is reinstalled then Internet Explorer won't be having this error anymore.
  7. Where you would normally see the "Remove" button and sometimes also the "Change" button there are no buttons. There is only a link that says "Click here for support information." When I click that link I get a Support Info pop-up box. That says: Windows XP Service Pack 3 Use the following information to get technical support for Windows XP Service Pack 3 Publisher: Microsoft Corporation Version: 20080414.031525 Support Information: http://support.microsoft.com/?kbid=936929 The only button is "Close."
  8. Would uninstalling Service Pack 3 uninstall Service Pack 2 as well? I know that in order to install Service Pack 3 you need Service Pack 2 already installed. That's not a problem though, I still have my Service Pack 2 CD and I originally installed Service Pack 3 via Windows Update. (If I remember correctly.) However in this circumstance I would have to download Service Pack 3 from the Service Pack Center.
  9. The auto-fix ran but did not work. After the reboot I tried turning Windows Firewall back on with Security Center with no luck. I also tried turning it on manually. For both tries the same exact messages as before were displayed. Microsoft Security Essentials uninstalled and then reinstalled properly. I ran a Quick Scan and no threats were detected. Microsoft Security Essentials seems to be functioning like it is supposed to. The installation wizard for it noticed that Windows Firewall was not on and attempted to turn it on. It was unable to due to an "unknown error".
  10. ComboFix uninstalled successfully and I deleted SecurityCheck. I still haven't done the Java update nor the Windows updates because of your phrasing of "after that". Which I'm assuming is after TFC runs successfully, after the uninstallation of ComboFix and the deletion of SecurityCheck. Of which, only the latter two were done.
  11. I have not tried uninstalling and reinstalling it yet because of the other processes we've been using. Yes, I did mean Microsoft Security Essentials. I was pretty tired when I posted that. I am unable to. When I try using Security Center to turn it on it displays a message saying: We're sorry. The Security Center could not turn on Windows Firewall. To try turning on the firewall yourself, go to Windows Firewall in Control Panel. In the Windows Fire dialog General tab, select On (recommended), and then click OK. The only button is Close. When I try following the instructions given by Security Center I get a message from Windows Firewall saying: Due to an unidentified problem, Windows cannot display Windows Firewall settings. The only button is OK. When I launch TFC and click the Start button, it appears to begin its process. However it only gets this far: Getting user folders. Stopping running processes. I came back to it a few hours later and it was still there. After a few more tries, it keeps freezing there. It also freezes the computer where I can only move my mouse. I have not attempted to uninstall ComboFix or install the Java and Windows updates yet.
  12. Issues that remain:
      1. Windows Security Essentials still displays error code: 0x80070424 whenever I try to turn it back on. I'm thinking about uninstalling it and getting the free version of AVG.
      2. Windows Firewall is off whenever I turn on the infected computer. Can I turn Windows Firewall back on now, or do we still have to run programs that it would interfere with?
      3. I have a Java update to do as well as some Windows updates that appear on occasion upon startup which I've been holding off on for the duration of the cleaning process.
      4. Are there any other measures that we need to take for the HTML/ScrInject.B.Gen virus or any of those trojans?

      The following is checkup.txt.

          Results of screen317's Security Check version 0.99.43
          Windows XP Service Pack 3 x86
          Internet Explorer 8
          ``````````````Antivirus/Firewall Check:``````````````
          ESET Online Scanner v3
          Microsoft Security Essentials
          `````````Anti-malware/Other Utilities Check:`````````
          Malwarebytes Anti-Malware version 1.61.0.1400
          Java 6 Update 32
          Java version out of Date!
          Adobe Reader 9 Adobe Reader out of Date!
          ````````Process Check: objlist.exe by Laurent````````
          Microsoft Security Essentials msseces.exe
          Malwarebytes Anti-Malware mbamservice.exe
          Malwarebytes Anti-Malware mbamgui.exe
          `````````````````System Health check`````````````````
          Total Fragmentation on Drive C:: 5%
          ````````````````````End of Log``````````````````````
  13. Here's the ESET Online Scanner log. It appears like it got rid of 10 instances of the HTML/ScrInject.B.Gen virus as well as some Trojans. I will now download Security Check as instructed. We're making progress. 1 virus at a time.
  14. When I attempted to attach MBR.dat I got a standard forum error message saying: MBR.dat You aren't permitted to upload this kind of file.
  15. aswMBR said that it could use Avast! Free Antivirus for better detection results and then asked me if I would like to download the latest Avast! virus definitions. Would I have to download Avast! first and then download its definitions by clicking on the "Yes" button, or does "definitions" mean downloading the program? Also, I know that sometimes antivirus programs "fight" each other. Would downloading Avast! interfere with MBAM or any other processes that we are using? Rather, should I download Avast! before running aswMBR? Sorry if any of these questions seem dumb, I just don't want to mess anything up.
  16. Oops, I mistakenly clicked "Post" before pasting the log. Sorry about that.
Imaging\bin\hpqddsvc.dll 18:04:02.0531 0800 hpqddsvc - ok 18:04:02.0609 0800 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 18:04:02.0609 0800 HPSLPSVC - ok 18:04:02.0671 0800 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 18:04:02.0671 0800 HPZid412 - ok 18:04:02.0718 0800 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 18:04:02.0718 0800 HPZipr12 - ok 18:04:02.0765 0800 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 18:04:02.0765 0800 HPZius12 - ok 18:04:02.0859 0800 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 18:04:02.0859 0800 HSFHWAZL - ok 18:04:03.0343 0800 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 18:04:03.0359 0800 HSF_DPV - ok 18:04:03.0421 0800 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 18:04:03.0421 0800 HTTP - ok 18:04:03.0515 0800 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 18:04:03.0515 0800 HTTPFilter - ok 18:04:03.0593 0800 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 18:04:03.0625 0800 i2omgmt - ok 18:04:03.0734 0800 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 18:04:03.0750 0800 i2omp - ok 18:04:03.0953 0800 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 18:04:03.0953 0800 i8042prt - ok 18:04:05.0218 0800 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 18:04:05.0734 0800 ialm - ok 18:04:06.0140 0800 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys 18:04:06.0140 0800 iaStor - ok 18:04:06.0890 0800 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:04:07.0125 0800 idsvc - ok 18:04:07.0140 0800 
ieakgnib - ok 18:04:07.0406 0800 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 18:04:07.0421 0800 Imapi - ok 18:04:07.0625 0800 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 18:04:07.0625 0800 ImapiService - ok 18:04:07.0750 0800 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 18:04:07.0750 0800 ini910u - ok 18:04:08.0062 0800 IntcHdmiAddService (99d47d1cf700982b37cce16b068449f0) C:\WINDOWS\system32\drivers\IntcHdmi.sys 18:04:08.0062 0800 IntcHdmiAddService - ok 18:04:08.0093 0800 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 18:04:08.0093 0800 IntelIde - ok 18:04:08.0203 0800 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 18:04:08.0203 0800 intelppm - ok 18:04:08.0296 0800 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 18:04:08.0296 0800 Ip6Fw - ok 18:04:08.0437 0800 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:04:08.0453 0800 IpFilterDriver - ok 18:04:08.0609 0800 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 18:04:08.0609 0800 IpInIp - ok 18:04:09.0015 0800 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 18:04:09.0015 0800 IpNat - ok 18:04:09.0125 0800 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 18:04:09.0125 0800 IPSec - ok 18:04:09.0187 0800 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 18:04:09.0187 0800 IRENUM - ok 18:04:09.0328 0800 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:04:09.0328 0800 isapnp - ok 18:04:09.0500 0800 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe 18:04:09.0500 0800 JavaQuickStarterService - ok 18:04:09.0625 0800 Kbdclass (463c1ec80cd17420a542b7f36a36f128) 
C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:04:09.0625 0800 Kbdclass - ok 18:04:10.0031 0800 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 18:04:10.0031 0800 kmixer - ok 18:04:10.0500 0800 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 18:04:10.0500 0800 KSecDD - ok 18:04:10.0734 0800 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 18:04:10.0734 0800 lanmanserver - ok 18:04:10.0828 0800 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 18:04:10.0828 0800 lanmanworkstation - ok 18:04:10.0843 0800 lbrtfdc - ok 18:04:10.0906 0800 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 18:04:10.0906 0800 LmHosts - ok 18:04:11.0015 0800 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys 18:04:11.0015 0800 ManyCam - ok 18:04:12.0140 0800 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 18:04:12.0140 0800 MarvinBus - ok 18:04:12.0187 0800 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 18:04:12.0187 0800 MBAMProtector - ok 18:04:12.0265 0800 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 18:04:12.0281 0800 MBAMService - ok 18:04:12.0437 0800 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 18:04:12.0437 0800 mdmxsdk - ok 18:04:12.0515 0800 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 18:04:12.0515 0800 Messenger - ok 18:04:12.0593 0800 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:04:12.0625 0800 mnmdd - ok 18:04:12.0890 0800 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 18:04:12.0890 0800 mnmsrvc - ok 18:04:13.0390 0800 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 18:04:13.0390 0800 Modem - ok 
18:04:13.0453 0800 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:04:13.0453 0800 Mouclass - ok 18:04:13.0578 0800 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 18:04:13.0578 0800 MountMgr - ok 18:04:13.0734 0800 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys 18:04:13.0750 0800 MPE - ok 18:04:13.0890 0800 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 18:04:13.0890 0800 MpFilter - ok 18:04:13.0937 0800 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 18:04:13.0953 0800 mraid35x - ok 18:04:14.0000 0800 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:04:14.0031 0800 MRxDAV - ok 18:04:14.0203 0800 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:04:14.0218 0800 MRxSmb - ok 18:04:14.0343 0800 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 18:04:14.0343 0800 MSDTC - ok 18:04:14.0359 0800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 18:04:14.0359 0800 Msfs - ok 18:04:14.0375 0800 MSIServer - ok 18:04:14.0437 0800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:04:14.0437 0800 MSKSSRV - ok 18:04:14.0500 0800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:04:14.0500 0800 MSPCLOCK - ok 18:04:14.0546 0800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 18:04:14.0546 0800 MSPQM - ok 18:04:14.0671 0800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:04:14.0671 0800 mssmbios - ok 18:04:14.0796 0800 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 18:04:14.0796 0800 MSTEE - ok 18:04:15.0093 0800 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 18:04:15.0125 0800 Mup - ok 
18:04:15.0453 0800 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 18:04:15.0484 0800 NABTSFEC - ok 18:04:16.0328 0800 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 18:04:16.0453 0800 napagent - ok 18:04:16.0656 0800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 18:04:16.0703 0800 NDIS - ok 18:04:16.0781 0800 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 18:04:16.0781 0800 NdisIP - ok 18:04:16.0953 0800 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:04:16.0953 0800 NdisTapi - ok 18:04:16.0968 0800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:04:16.0968 0800 Ndisuio - ok 18:04:17.0000 0800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:04:17.0000 0800 NdisWan - ok 18:04:17.0218 0800 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 18:04:17.0218 0800 NDProxy - ok 18:04:17.0468 0800 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll 18:04:17.0468 0800 Net Driver HPZ12 - ok 18:04:17.0687 0800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:04:17.0687 0800 NetBIOS - ok 18:04:18.0125 0800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:04:18.0328 0800 NetBT - ok 18:04:18.0562 0800 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 18:04:18.0562 0800 NetDDE - ok 18:04:18.0562 0800 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 18:04:18.0578 0800 NetDDEdsdm - ok 18:04:18.0781 0800 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 18:04:18.0796 0800 Netlogon - ok 18:04:19.0000 0800 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 18:04:19.0000 0800 Netman - ok 18:04:19.0296 0800 
NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:04:19.0312 0800 NetTcpPortSharing - ok 18:04:19.0765 0800 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 18:04:19.0812 0800 NIC1394 - ok 18:04:20.0500 0800 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 18:04:20.0500 0800 Nla - ok 18:04:22.0265 0800 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe 18:04:22.0500 0800 nmservice - ok 18:04:22.0734 0800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 18:04:22.0750 0800 Npfs - ok 18:04:22.0750 0800 nqjuhdju - ok 18:04:22.0812 0800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 18:04:22.0828 0800 Ntfs - ok 18:04:22.0984 0800 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 18:04:22.0984 0800 NtLmSsp - ok 18:04:23.0218 0800 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 18:04:23.0265 0800 NtmsSvc - ok 18:04:23.0328 0800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:04:23.0343 0800 Null - ok 18:04:24.0109 0800 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 18:04:24.0265 0800 nv - ok 18:04:24.0406 0800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:04:24.0421 0800 NwlnkFlt - ok 18:04:24.0484 0800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:04:24.0484 0800 NwlnkFwd - ok 18:04:25.0203 0800 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:04:25.0218 0800 odserv - ok 18:04:25.0265 0800 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 18:04:25.0265 0800 ohci1394 - ok 18:04:25.0328 0800 ose 
(5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:04:25.0343 0800 ose - ok 18:04:25.0343 0800 otvwtogq - ok 18:04:25.0406 0800 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys 18:04:25.0406 0800 ovt519 - ok 18:04:25.0468 0800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 18:04:25.0468 0800 Parport - ok 18:04:25.0468 0800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 18:04:25.0484 0800 PartMgr - ok 18:04:25.0546 0800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 18:04:25.0546 0800 ParVdm - ok 18:04:25.0640 0800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 18:04:25.0640 0800 PCI - ok 18:04:25.0656 0800 PCIDump - ok 18:04:25.0843 0800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:04:25.0843 0800 PCIIde - ok 18:04:26.0031 0800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 18:04:26.0031 0800 Pcmcia - ok 18:04:26.0046 0800 PDCOMP - ok 18:04:26.0062 0800 PDFRAME - ok 18:04:26.0062 0800 PDRELI - ok 18:04:26.0078 0800 PDRFRAME - ok 18:04:26.0109 0800 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 18:04:26.0109 0800 perc2 - ok 18:04:26.0140 0800 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 18:04:26.0140 0800 perc2hib - ok 18:04:26.0171 0800 pljvprgz - ok 18:04:26.0265 0800 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 18:04:26.0265 0800 PlugPlay - ok 18:04:26.0312 0800 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll 18:04:26.0328 0800 Pml Driver HPZ12 - ok 18:04:26.0359 0800 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys 18:04:26.0359 0800 pnarp - ok 18:04:26.0375 0800 PolicyAgent 
(bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 18:04:26.0375 0800 PolicyAgent - ok 18:04:26.0421 0800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:04:26.0421 0800 PptpMiniport - ok 18:04:26.0437 0800 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 18:04:26.0437 0800 ProtectedStorage - ok 18:04:26.0437 0800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 18:04:26.0453 0800 PSched - ok 18:04:26.0484 0800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:04:26.0484 0800 Ptilink - ok 18:04:26.0500 0800 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys 18:04:26.0500 0800 purendis - ok 18:04:26.0546 0800 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys 18:04:26.0562 0800 PxHelp20 - ok 18:04:26.0609 0800 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 18:04:26.0671 0800 ql1080 - ok 18:04:27.0031 0800 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 18:04:27.0078 0800 Ql10wnt - ok 18:04:27.0296 0800 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 18:04:27.0312 0800 ql12160 - ok 18:04:27.0453 0800 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 18:04:27.0453 0800 ql1240 - ok 18:04:27.0500 0800 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 18:04:27.0500 0800 ql1280 - ok 18:04:27.0515 0800 qlsgyfda - ok 18:04:27.0515 0800 qvikqtje - ok 18:04:27.0578 0800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:04:27.0578 0800 RasAcd - ok 18:04:27.0859 0800 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 18:04:27.0953 0800 RasAuto - ok 18:04:28.0312 0800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) 
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:04:28.0312 0800 Rasl2tp - ok 18:04:28.0562 0800 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 18:04:28.0562 0800 RasMan - ok 18:04:28.0578 0800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:04:28.0578 0800 RasPppoe - ok 18:04:28.0593 0800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:04:28.0593 0800 Raspti - ok 18:04:29.0046 0800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:04:29.0062 0800 Rdbss - ok 18:04:29.0109 0800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:04:29.0140 0800 RDPCDD - ok 18:04:29.0281 0800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:04:29.0281 0800 rdpdr - ok 18:04:29.0515 0800 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 18:04:29.0531 0800 RDPWD - ok 18:04:29.0734 0800 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 18:04:29.0734 0800 RDSessMgr - ok 18:04:29.0921 0800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:04:29.0921 0800 redbook - ok 18:04:30.0093 0800 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 18:04:30.0093 0800 RemoteAccess - ok 18:04:30.0265 0800 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 18:04:30.0265 0800 rimmptsk - ok 18:04:30.0296 0800 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 18:04:30.0296 0800 rimsptsk - ok 18:04:30.0359 0800 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 18:04:30.0359 0800 rismxdp - ok 18:04:30.0468 0800 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 18:04:30.0484 0800 RpcLocator - ok 18:04:30.0859 0800 RpcSs (6b27a5c03dfb94b4245739065431322c) 
C:\WINDOWS\system32\rpcss.dll 18:04:30.0859 0800 RpcSs - ok 18:04:30.0953 0800 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 18:04:30.0984 0800 RSVP - ok 18:04:31.0093 0800 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 18:04:31.0093 0800 SamSs - ok 18:04:31.0203 0800 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys 18:04:31.0203 0800 ScanUSBEMPIA - ok 18:04:31.0312 0800 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 18:04:31.0328 0800 SCardSvr - ok 18:04:31.0562 0800 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 18:04:31.0562 0800 Schedule - ok 18:04:31.0796 0800 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 18:04:31.0921 0800 sdbus - ok 18:04:32.0015 0800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:04:32.0078 0800 Secdrv - ok 18:04:32.0109 0800 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 18:04:32.0109 0800 seclogon - ok 18:04:32.0140 0800 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 18:04:32.0140 0800 SENS - ok 18:04:32.0328 0800 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 18:04:32.0328 0800 serenum - ok 18:04:32.0468 0800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 18:04:32.0468 0800 Serial - ok 18:04:32.0531 0800 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys 18:04:32.0531 0800 sffdisk - ok 18:04:32.0562 0800 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 18:04:32.0562 0800 sffp_sd - ok 18:04:32.0656 0800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:04:32.0671 0800 Sfloppy - ok 18:04:33.0015 0800 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 18:04:33.0015 0800 
ShellHWDetection - ok 18:04:33.0031 0800 Simbad - ok 18:04:33.0218 0800 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 18:04:33.0218 0800 sisagp - ok 18:04:33.0234 0800 skkbnvwa - ok 18:04:33.0375 0800 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 18:04:33.0390 0800 SLIP - ok 18:04:33.0562 0800 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 18:04:33.0562 0800 Sparrow - ok 18:04:33.0593 0800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 18:04:33.0593 0800 splitter - ok 18:04:33.0750 0800 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 18:04:33.0750 0800 Spooler - ok 18:04:33.0796 0800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 18:04:33.0796 0800 sr - ok 18:04:34.0093 0800 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 18:04:34.0140 0800 srservice - ok 18:04:34.0390 0800 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 18:04:34.0437 0800 Srv - ok 18:04:34.0546 0800 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 18:04:34.0546 0800 SSDPSRV - ok 18:04:34.0843 0800 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\STacSV.exe 18:04:34.0859 0800 STacSV - ok 18:04:35.0140 0800 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 18:04:35.0140 0800 STHDA - ok 18:04:35.0421 0800 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 18:04:35.0578 0800 stisvc - ok 18:04:36.0046 0800 stllssvr (7489520e98a119b5a9a00857f4f87d16) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 18:04:36.0062 0800 stllssvr - ok 18:04:36.0328 0800 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 18:04:36.0328 0800 streamip - ok 18:04:36.0390 0800 swenum (3941d127aef12e93addf6fe6ee027e0f) 
C:\WINDOWS\system32\DRIVERS\swenum.sys 18:04:36.0390 0800 swenum - ok 18:04:36.0421 0800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 18:04:36.0421 0800 swmidi - ok 18:04:36.0421 0800 SwPrv - ok 18:04:36.0500 0800 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 18:04:36.0500 0800 symc810 - ok 18:04:36.0546 0800 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 18:04:36.0546 0800 symc8xx - ok 18:04:36.0562 0800 SymIM - ok 18:04:36.0578 0800 SymIMMP - ok 18:04:36.0656 0800 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 18:04:36.0671 0800 sym_hi - ok 18:04:36.0703 0800 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 18:04:36.0703 0800 sym_u3 - ok 18:04:36.0859 0800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 18:04:36.0859 0800 sysaudio - ok 18:04:36.0921 0800 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 18:04:36.0921 0800 SysmonLog - ok 18:04:37.0109 0800 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 18:04:37.0109 0800 TapiSrv - ok 18:04:37.0218 0800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:04:37.0218 0800 Tcpip - ok 18:04:37.0281 0800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:04:37.0281 0800 TDPIPE - ok 18:04:37.0359 0800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 18:04:37.0359 0800 TDTCP - ok 18:04:37.0375 0800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:04:37.0375 0800 TermDD - ok 18:04:37.0781 0800 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 18:04:37.0812 0800 TermService - ok 18:04:38.0062 0800 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 18:04:38.0062 0800 Themes - ok 
18:04:38.0140 0800 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 18:04:38.0140 0800 TosIde - ok 18:04:38.0312 0800 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 18:04:38.0328 0800 TrkWks - ok 18:04:38.0531 0800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 18:04:38.0609 0800 Udfs - ok 18:04:38.0890 0800 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 18:04:38.0890 0800 ultra - ok 18:04:39.0000 0800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 18:04:39.0015 0800 Update - ok 18:04:39.0093 0800 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 18:04:39.0093 0800 upnphost - ok 18:04:39.0140 0800 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 18:04:39.0140 0800 UPS - ok 18:04:39.0250 0800 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 18:04:39.0265 0800 usbaudio - ok 18:04:39.0343 0800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:04:39.0343 0800 usbccgp - ok 18:04:39.0484 0800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:04:39.0484 0800 usbehci - ok 18:04:39.0562 0800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:04:39.0578 0800 usbhub - ok 18:04:39.0718 0800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:04:39.0718 0800 usbprint - ok 18:04:39.0812 0800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:04:39.0812 0800 usbscan - ok 18:04:39.0828 0800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:04:39.0828 0800 USBSTOR - ok 18:04:39.0968 0800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:04:39.0968 0800 usbuhci - ok 18:04:40.0250 0800 VgaSave 
(0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 18:04:40.0250 0800 VgaSave - ok 18:04:40.0312 0800 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 18:04:40.0312 0800 viaagp - ok 18:04:40.0390 0800 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 18:04:40.0437 0800 ViaIde - ok 18:04:40.0593 0800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 18:04:40.0593 0800 VolSnap - ok 18:04:40.0796 0800 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 18:04:40.0812 0800 VSS - ok 18:04:40.0859 0800 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 18:04:40.0875 0800 w32time - ok 18:04:40.0968 0800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:04:40.0968 0800 Wanarp - ok 18:04:41.0109 0800 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 18:04:41.0109 0800 wanatw - ok 18:04:41.0265 0800 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 18:04:41.0265 0800 Wdf01000 - ok 18:04:41.0281 0800 WDICA - ok 18:04:41.0562 0800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 18:04:41.0562 0800 wdmaud - ok 18:04:41.0859 0800 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 18:04:42.0000 0800 WebClient - ok 18:04:42.0265 0800 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 18:04:42.0281 0800 winachsf - ok 18:04:42.0390 0800 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 18:04:42.0390 0800 winmgmt - ok 18:04:42.0406 0800 wltrysvc - ok 18:04:42.0546 0800 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 18:04:42.0562 0800 WmdmPmSN - ok 18:04:42.0609 0800 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 18:04:42.0609 0800 WmiAcpi - ok 
18:04:44.0359 0800 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
18:04:44.0390 0800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:04:44.0390 0800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:04:44.0437 0800 Boot (0x1200) (3d29cc69c87f8d467699318942ce0f3f) \Device\Harddisk0\DR0\Partition0
18:04:44.0437 0800 \Device\Harddisk0\DR0\Partition0 - ok
18:04:44.0453 0800 ============================================================
18:04:44.0453 0800 Scan finished
18:04:44.0453 0800 ============================================================
18:04:44.0468 2268 Detected object count: 1
18:04:44.0468 2268 Actual detected object count: 1
18:05:09.0765 2268 \Device\Harddisk0\DR0\# - copied to quarantine
18:05:09.0765 2268 \Device\Harddisk0\DR0 - copied to quarantine
18:05:09.0812 2268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:05:09.0875 2268 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:05:09.0906 2268 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:05:09.0906 2268 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:05:09.0921 2268 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:05:10.0000 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:05:10.0015 2268 \Device\Harddisk0\DR0 - ok
18:05:10.0015 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:06:07.0687 2052 Deinitialize success
  17. Something I just noticed before the TDSSKiller scan is that MBAM was no longer displaying the two messages on start-up anymore. If I'm remembering correctly, it stopped displaying those messages on start-up 2 days ago. However, I specifically noticed that they were no longer being displayed after the reboot with TDSSKiller. As the log probably tells you, TDSSKiller took the action of "Cure" when it encountered Rootkit.Boot.Pihar.c and it quarantined 15 other objects. Rootkit was the only threat detected. TDSSKiller only processed 354 objects (which seems about right for a scan duration of 1 minute and 16 seconds.) Is processing only 354 objects normal? The following is the TDSSKiller log.
  18. Windows Firewall is off, I turned MBAM off as Bleeping Computer's guide instructs and again I launched sega.com via that command you gave me, this time accepting the update, ComboFix extracted/installed and then launched. It never displayed "Please wait. ComboFix is preparing to run." It backed up the Windows Registry before launching Command Prompt and when it did launch Command Prompt, it displayed the same blue screen as it's supposed to have. Once again, it did not display any more text nor disconnect my computer from the internet when it was supposed to. After 30 minutes of no activity I attempted to close it. The X button didn't work and I could not launch Task Manager so I held the power button, same as before.
  19. sega.com prompted me with an update which I clicked "No." because I have no idea if the download link you gave me was the exact version I should use or if I should update it. It seemed to install correctly and the blue screen for Command Prompt came up. However it did not display "Please wait. ComboFix is preparing to run." It just stayed blank and I attempted to stop it after 30 minutes of no activity. The X button did nothing and Task Manager wouldn't launch either. So I just ended up having to hold the power button. Upon reboot, my firewall is now turned off. Before I couldn't get to the settings to do so, but now it's off. Should I have updated ComboFix? (sega.com)
  20. Of course I clicked "Quarantine" for that message as well. Some information I forgot to mention: The download of ComboFix as sega.com was successful. This time, instead of the Thundercats logo, it displays the "blank white window" logo. Also, MBAM is asking to download and install the latest version, despite that it just did an auto-update. As of now, I have taken no action towards it.
  21. When I went to boot from Safe Mode, the computer began the boot process. However, when the screen displayed the following:

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\pci.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\isapnp.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\compbatt.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\BATTC.SYS
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\pciide.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\MountMyr.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\ftdisk.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\PartMgr.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\VolSnap.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\atapi.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\drivers\iaStor.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\disk.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\drivers\fltmgr.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\sr.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\MpFilter.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\PxHelp20.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\KSecDD.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Ntfs.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\NDIS.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\ohci1394.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\1394BUS.SYS
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Mup.sys

The screen froze for a few seconds and then displayed the "blue screen of death" with the following message:

A problem has been detected and Windows has been shut down to prevent damage to your computer.
If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to be sure you have adequate disk space, If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.
Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
Technical information:
*** STOP: 0x0000007E (0xX0000005, 0xF7898160, 0xF78DE864, 0xF78DE560)
*** kdcom.dll - Address F7898160 base at F7897000, DateStamp 4f8f0f42

I restarted the computer and tried Safe Mode again with the same exact response from the computer. I even restarted from the user select screen and then tried Safe Mode. The same thing happened. When I booted normally to type this message, MBAM displayed the same message as always, blocking the malicious process. However, this time when I clicked Quarantine it displayed the following message:

Malwarebytes Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below.
C:\DOCUMENTS AND SETTINGS\NICK\LOCAL SETTINGS\APPLICATION DATA\{BAEBEB56-D64C-3F43-AC11-15634174457B}\U\00000004.@
ROOTKIT.0ACCESS
  22. My wording of that last sentence was poor. Originally I thought that Combofix.exe would be in Add or Remove Programs. It was not, and then I remembered your wording of "delete" instead of "uninstall", which led me to right click on ComboFix.exe and select Delete. I am now beginning the download of ComboFix under the name of sega.com.
  23. You're welcome. After all, it is important to keep the person helping me well updated. I am now back on the infected computer. The following is the exact message I am getting from MBAM on every startup. Malwarebytes Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below. C:\DOCUMENTS AND SETTINGS\NICK\LOCAL SETTINGS\APPLICATION DATA\{BAEBEB56-D64C-3F43-AC11-15634174457B}\U\80000000.@ TROJAN.SIREFEF Disable Protection Ignore Quarantine I have always been selecting Quarantine on every startup of course. As I am typing this, MBAM has just auto-updated from v2012.07.10.06 to v2012.07.13.06. I am now beginning the uninstall of ComboFix in order to reinstall it as sega.com.