Posts posted by Peelster1
-
After some use, I have encountered no problems with Internet Explorer. I did have to uninstall Service Pack 3 to uninstall and reinstall Internet Explorer. Service Pack 3 reinstalled successfully after that.
Overall, the computer seems to be working completely correctly. The only problem is that Update for Windows XP (KB2633952) cannot install.
The programs that I still have on this computer that we used for the malware removal process are RKill (as iExplore), TDSSKiller, aswMBR, and TFC. Please let me know which ones I should delete and which ones (if any) I should keep.
I really would like to thank you for all of your help. I appreciate it tremendously.
-
I ran Internet Explorer without add-ons and it was still having the issue. I'm going to uninstall and reinstall it and see if it works then.
-
The message that I was referencing was the one saying "Internet Explorer has encountered a problem and needs to close." It would still close my window and attempt to recover the tab twice and then display the Website Restore Error page. A couple of reboots later that message is appearing again. Internet Explorer is still not functioning; luckily, I was able to click the download button for Firefox before the page closed out.
I downloaded Firefox and it is working properly. Service Pack 3 appears to have installed correctly.
Issues remaining:
I still have those 4 updates and the Java update to do. Not a big deal.
Service Pack 3 did not fix Internet Explorer. I'm going to attempt to reinstall it, as it is my preferred browser.
Upon startup I was getting a pop-up message from Windows Security Alert. The message said:
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Pando Media Booster
Publisher: Unknown
My options were Keep Blocking, Unblock, and Ask Me Later.
I chose Keep Blocking because I did some research that told me that it was a program that some video game companies install when you download their games, and what it does is act as a torrent seed that allows others to download the game from the company's website faster. However, in doing so it takes up a lot of bandwidth.
When I first installed Firefox it gave me a pop-up message with a header of "Add-ons may be causing problems". The pop-up message said:
"Firefox has determined that the following add-ons are known to cause stability or security problems:
MetaStream 3 Plugin 3.2.2.26 Blocked
These add-ons have a high risk of causing stability or security problems and have been blocked, but a restart is required to disable them completely."
My options were "Restart Firefox" and "Restart Later". I chose "Restart Later" and proceeded to install Service Pack 3 and then restarted my computer to finish Service Pack 3's installation. I have not received this message from Firefox again.
I will now attempt to install the 4 Windows Updates that could not install previously, as well as that Java update.
-
After the updates that I mentioned in my previous post installed, the following updates attempted to install upon another reboot.
February 2007 CardSpace Update for Windows XP (KB925720)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB973869)
Update for Windows XP (KB970430)
Update for Windows XP (KB971737)
Update for Windows XP (KB981793)
However, some of those updates did not install successfully. (Some are ones from the last update attempt as well.)
UPDATES NOT INSTALLED
Security Update for Windows XP (KB958470)
Update for Windows XP (KB981793)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB956844)
I am still having that Internet Explorer error, however it's not displaying the error message anymore. It just keeps attempting to restore the webpage.
After my latest reboot, Windows Security Center recognizes Microsoft Security Essentials as "ON".
-
Method 2 worked for the uninstallation of Service Pack 3 (in a way). When I tried the direct path to launch the spuninst.exe, it displayed an error message. However, when I removed the .exe from the Run command, I was able to open the folder containing the spuninst.exe and then was able to double click on it to run Service Pack 3's uninstallation wizard.
Upon reboot, Windows Update had 43 updates. (I regret that I didn't take a screenshot of all the updates, so I can't tell you what updates were installed.) The majority of the updates were Windows XP Updates and Security Updates; one was an ActiveX update, and I remember something along the lines of "killbit". Some updates could not be installed though. Also, I did not see Windows XP Service Pack 3 anywhere in those updates. The updates that could not be installed were:
Update for Windows XP (KB981793)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB981349)
I then rebooted again using the "Restart Now" button. Hopefully you can tell which updates from the group installed from the information about the ones that didn't. If not, I'm really sorry I forgot to log that information.
I was able to get the Windows Firewall turned on via Windows Security Center, but now Windows Security Center has a status of "Off" for Virus Protection saying:
"Windows found multiple antivirus programs on this computer, but they all report that they might be out of date or are turned off. Click Recommendations for suggested actions you can take."
The recommendations were:
"Update one of your installed antivirus programs. Note: You'll need to make sure that you have a current subscription with your antivirus provider to do this.
or
Get another antivirus program."
However, Microsoft Security Essentials is fully updated and functional. (I even attempted to update it again just to make sure.)
Another issue that I am having that needs to be resolved ASAP is that whenever I am on any website for a moment I get the following message:
"Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to help us improve Internet Explorer. We will treat this report as confidential and anonymous.
To see what data this error report contains, click here."
The data is as follows:
AppName: iexplore.exe AppVer: 8.0.6001.18702 ModName: mshtml.dll
ModVer: 8.0.6001.19258 Offset: 00209f70
The following file will be included in the error report:
C:\DOCUME~1\Nick\LOCALS~1\Temp\2c32_appcompat.txt
If I could, I would copy/paste the full error report for you, but it's not able to be copied.
After the error displays, Internet Explorer attempts to restore the webpage twice before giving a Website Restore Error. So far, this is happening with all websites. On Google it happens almost instantly; on Bing I'm barely able to search; and on this forum it happens about a minute after I arrive on the webpage. (So I ended up having to type this up in Notepad.) It also happens anytime I click on any of my favorites.
If you can give me a direct link to redownload and reinstall Service Pack 3, I would really appreciate it. Internet Explorer is also closing itself on Microsoft's website, so I can't get to it. I'm hoping that once Service Pack 3 is reinstalled then Internet Explorer won't be having this error anymore.
-
Where you would normally see the "Remove" button and sometimes also the "Change" button there are no buttons. There is only a link that says "Click here for support information." When I click that link I get a Support Info pop-up box. That says:
Windows XP Service Pack 3
Use the following information to get technical support for Windows XP Service Pack 3
Publisher: Microsoft Corporation
Version: 20080414.031525
Support Information: http://support.microsoft.com/?kbid=936929
The only button is "Close."
-
There is no "Remove" button in Add or Remove Programs for Windows XP Service Pack 3.
-
Would uninstalling Service Pack 3 uninstall Service Pack 2 as well? I know that in order to install Service Pack 3 you need Service Pack 2 already installed. That's not a problem though, I still have my Service Pack 2 CD and I originally installed Service Pack 3 via Windows Update. (If I remember correctly.) However in this circumstance I would have to download Service Pack 3 from the Service Pack Center.
-
The auto-fix ran but did not work. After the reboot I tried turning Windows Firewall back on with Security Center with no luck. I also tried turning it on manually. For both tries the same exact messages as before were displayed.
Microsoft Security Essentials uninstalled and then reinstalled properly. I ran a Quick Scan and no threats were detected. Microsoft Security Essentials seems to be functioning like it is supposed to. The installation wizard for it noticed that Windows Firewall was not on and attempted to turn it on. It was unable to due to an "unknown error".
-
ComboFix uninstalled successfully and I deleted SecurityCheck. I still haven't done the Java update nor the Windows updates because of your phrasing of "after that", which I'm assuming is after TFC runs successfully, after the uninstallation of ComboFix and the deletion of SecurityCheck. Of those, only the latter two have been done.
-
"Have you tried uninstalling and reinstalling Microsoft Security Essentials? Did you mean Microsoft Security Essentials instead of Windows Security Essentials?"
I have not tried uninstalling and reinstalling it yet because of the other processes we've been using. Yes, I did mean Microsoft Security Essentials. I was pretty tired when I posted that.
"Yes feel free to turn it on."
I am unable to. When I try using Security Center to turn it on, it displays a message saying:
"We're sorry. The Security Center could not turn on Windows Firewall. To try turning on the firewall yourself, go to Windows Firewall in Control Panel. In the Windows Firewall dialog General tab, select On (recommended), and then click OK."
The only button is Close.
When I try following the instructions given by Security Center I get a message from Windows Firewall saying:
"Due to an unidentified problem, Windows cannot display Windows Firewall settings."
The only button is OK.
"Run TFC by OldTimer to clear temporary files:"
When I launch TFC and click the Start button, it appears to begin its process. However, it only gets this far:
Getting user folders.
Stopping running processes.
I came back to it a few hours later and it was still there. After a few more tries, it keeps freezing there. It also freezes the computer so that I can only move my mouse.
I have not attempted to uninstall ComboFix or install the Java and Windows updates yet.
-
Issues that remain:
1. Windows Security Essentials still displays error code: 0x80070424 whenever I try to turn it back on. I'm thinking about uninstalling it and getting the free version of AVG.
2. Windows Firewall is off whenever I turn on the infected computer. Can I turn Windows Firewall back on now, or do we still have to run programs that it would interfere with?
3. I have a Java update to do as well as some Windows updates that appear on occasion upon startup, which I've been holding off on for the duration of the cleaning process.
4. Are there any other measures that we need to take for the HTML/ScrInject.B.Gen virus or any of those trojans?
The following is checkup.txt.
Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
ESET Online Scanner v3
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java 6 Update 32
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
-
Here's the ESET Online Scanner log. It appears like it got rid of 10 instances of the HTML/ScrInject.B.Gen virus as well as some Trojans. I will now download Security Check as instructed. We're making progress, 1 virus at a time.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6e3b90d71ab0084e972b575a6f74385b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-25 09:10:52
# local_time=2012-07-25 05:10:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 76150224 76150224 0 0
# compatibility_mode=5891 16776549 42 92 658087 10317741 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=254769
# found=26
# cleaned=26
# scan_time=7648
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FB9GU0Z6\fpi[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FB9GU0Z6\fpi[2].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FB9GU0Z6\fpi[4].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FB9GU0Z6\kitten-falling-asleep-standing-up[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GFZQCXA7\fpi[2].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HYK8SR82\fpi[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HYK8SR82\hidden-kitten[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MSGMBS8Y\cute-sleepy-kittens-meowing[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MSGMBS8Y\cute-sleepy-kittens-meowing[2].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MSGMBS8Y\kittyflix_com[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nick\Desktop\Installers\AutoRefresher.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nick\Desktop\Installers\Retrogamer.exe Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nick\Local Settings\Application Data\{baebeb56-d64c-3f43-ac11-15634174457b}\n Win32/Sirefef.EV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nick\Local Settings\Application Data\{baebeb56-d64c-3f43-ac11-15634174457b}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nick\Local Settings\Application Data\{baebeb56-d64c-3f43-ac11-15634174457b}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Free Download Manager\Extras\setup.exe Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{baebeb56-d64c-3f43-ac11-15634174457b}\n.vir Win32/Sirefef.EV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{baebeb56-d64c-3f43-ac11-15634174457b}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\SEGA\SRALLY\OBJECT2P.TEX probably a variant of Win32/Agent.HSLEEMG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_18.03.51\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_18.03.51\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_18.03.51\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_18.03.51\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_18.03.51\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_18.03.51\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_18.03.51\mbr0000\tdlfs0000\tsk0012.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
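As an added example (not part of Peelster1's post, nor ESET's own tooling), this Python script parses a log in the layout posted above, tallies detections by malware family, and separates hits inside other tools' quarantine folders (C:\Qoobox\Quarantine, C:\TDSSKiller_Quarantine) from files that were live on the system; the detection-line format it relies on is inferred from the posted log, so the regular expression is an assumption.

```python
"""Parse an ESET Online Scanner log of the kind posted above and summarise it.

Added example, not part of the forum post or of ESET's tooling.  The layout of
a detection line (path, threat name, action in parentheses, 32-hex-digit hash,
trailing flag) is inferred from the posted log, so DETECTION_RE is an assumption.
"""
import re
from collections import Counter

# Header lines look like "# key=value".  A repeated key keeps its last value.
HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# Detection lines: a drive path (may contain spaces), the threat name, the action
# taken, a hash and a trailing flag.  The threat name is anchored on the
# "Platform/Name" token plus its type word so that spaces inside the path cannot
# be mistaken for the start of the threat field.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?"
    r"(?P<name>\S+/\S+) (?P<kind>virus|trojan|application))\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)

# Folders where other removal tools had already parked files; a hit there is a
# leftover sitting in quarantine, not an active infection on the system.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\tdsskiller_quarantine\\")


def classify_location(path: str) -> str:
    """Bucket a detection by where the file lived."""
    low = path.lower()
    if low.startswith(QUARANTINE_PREFIXES):
        return "already_quarantined"
    if "\\temporary internet files\\" in low:
        return "browser_cache"
    return "live"


def family(name: str) -> str:
    """'Win32/Sirefef.EV' -> 'Win32/Sirefef': collapse variant suffixes."""
    return name.split(".", 1)[0]


def parse_eset_log(text: str) -> dict:
    """Return {'header': {...}, 'detections': [...], 'unparsed': [...]}."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({
                "path": m["path"], "name": m["name"], "kind": m["kind"],
                "family": family(m["name"]), "action": m["action"],
                "hash": m["hash"], "location": classify_location(m["path"]),
            })
        else:
            unparsed.append(line)  # kept, so any format drift stays visible
    return {"header": header, "detections": detections, "unparsed": unparsed}


def summarize(parsed: dict) -> dict:
    """Tally by family and location and cross-check against the header count."""
    dets = parsed["detections"]
    found = int(parsed["header"].get("found", len(dets)))
    return {
        "total": len(dets),
        "matches_header": len(dets) == found,
        "by_family": Counter(d["family"] for d in dets),
        "by_location": Counter(d["location"] for d in dets),
        "live_paths": [d["path"] for d in dets if d["location"] == "live"],
    }


# Constructed sample: header counters adjusted to a subset of eight detection
# lines copied from the log posted above.
SAMPLE_LOG = r"""
# scanned=254769
# found=8
# cleaned=8
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FB9GU0Z6\fpi[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HYK8SR82\hidden-kitten[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nick\Desktop\Installers\AutoRefresher.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nick\Local Settings\Application Data\{baebeb56-d64c-3f43-ac11-15634174457b}\n Win32/Sirefef.EV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{baebeb56-d64c-3f43-ac11-15634174457b}\n.vir Win32/Sirefef.EV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\SEGA\SRALLY\OBJECT2P.TEX probably a variant of Win32/Agent.HSLEEMG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_18.03.51\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_18.03.51\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    report = summarize(parse_eset_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the full posted log, the "live" bucket is the list worth re-checking after a reboot, while the quarantine-folder hits only mean the earlier tools' leftovers were cleaned up.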
-
One zipped folder coming up!
-
When I attempted to attach MBR.dat I got a standard forum error message saying:
MBR.dat
You aren't permitted to upload this kind of file.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-20 18:30:51
-----------------------------
18:30:51.812 OS Version: Windows 5.1.2600 Service Pack 3
18:30:51.812 Number of processors: 1 586 0x1601
18:30:51.812 ComputerName: RMPCOMPUTER UserName: Nick
18:30:52.843 Initialize success
18:31:25.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:31:25.593 Disk 0 Vendor: Hitachi_ BB2O Size: 114473MB BusType: 3
18:31:25.609 Disk 0 MBR read successfully
18:31:25.609 Disk 0 MBR scan
18:31:25.609 Disk 0 unknown MBR code
18:31:25.609 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
18:31:25.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108470 MB offset 128520
18:31:25.625 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 222275340
18:31:25.671 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3380 MB offset 227512530
18:31:25.671 Disk 0 Partition 4 00 DD MSDOS5.0 2557 MB offset 222275403
18:31:25.687 Disk 0 scanning sectors +234436545
18:31:25.765 Disk 0 scanning C:\WINDOWS\system32\drivers
18:31:36.484 Service scanning
18:31:56.765 Modules scanning
18:32:04.718 Disk 0 trace - called modules:
18:32:04.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:32:04.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5d7ab8]
18:32:04.781 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a5f4030]
18:32:04.796 Scan finished successfully
18:33:19.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nick\Desktop\MBR.dat"
18:33:19.750 The log file has been saved successfully to "C:\Documents and Settings\Nick\Desktop\aswMBR.txt"
-
aswMBR said that it could use Avast! Free Antivirus for better detection results and then asked me if I would like to download the latest Avast! virus definitions. Would I have to download Avast! first and then download its definitions by clicking on the "Yes" button, or does "definitions" mean downloading the program?
Also, I know that sometimes antivirus programs "fight" each other. Would downloading Avast! interfere with MBAM or any other processes that we are using? Rather, should I download Avast! before running aswMBR?
Sorry if any of these questions seem dumb, I just don't want to mess anything up.
-
Oops, I mistakenly clicked "Post" before pasting the log. Sorry about that.
18:03:50.0609 3880 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:03:51.0000 3880 ============================================================
18:03:51.0000 3880 Current date / time: 2012/07/19 18:03:51.0000
18:03:51.0000 3880 SystemInfo:
18:03:51.0000 3880
18:03:51.0000 3880 OS Version: 5.1.2600 ServicePack: 3.0
18:03:51.0000 3880 Product type: Workstation
18:03:51.0000 3880 ComputerName: RMPCOMPUTER
18:03:51.0000 3880 UserName: Nick
18:03:51.0000 3880 Windows directory: C:\WINDOWS
18:03:51.0000 3880 System windows directory: C:\WINDOWS
18:03:51.0000 3880 Processor architecture: Intel x86
18:03:51.0000 3880 Number of processors: 1
18:03:51.0000 3880 Page size: 0x1000
18:03:51.0000 3880 Boot type: Normal boot
18:03:51.0000 3880 ============================================================
18:03:51.0609 3880 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:03:51.0609 3880 ============================================================
18:03:51.0609 3880 \Device\Harddisk0\DR0:
18:03:51.0609 3880 MBR partitions:
18:03:51.0609 3880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0xD3DB104
18:03:51.0625 3880 ============================================================
18:03:51.0687 3880 C: <-> \Device\Harddisk0\DR0\Partition0
18:03:51.0687 3880 ============================================================
18:03:51.0687 3880 Initialize success
18:03:51.0687 3880 ============================================================
18:03:53.0578 0800 ============================================================
18:03:53.0578 0800 Scan started
18:03:53.0578 0800 Mode: Manual;
18:03:53.0578 0800 ============================================================
18:04:00.0031 0800 Fips - ok
18:04:00.0046 0800 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:04:00.0046 0800 Flpydisk - ok
18:04:00.0078 0800 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:04:00.0078 0800 FltMgr - ok
18:04:00.0312 0800 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:04:00.0328 0800 FontCache3.0.0.0 - ok
18:04:00.0375 0800 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:04:00.0390 0800 Fs_Rec - ok
18:04:00.0406 0800 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:04:00.0406 0800 Ftdisk - ok
18:04:00.0546 0800 GameConsoleService (bc4d691a2f3339fe89726d4959c79996) C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
18:04:00.0546 0800 GameConsoleService - ok
18:04:00.0609 0800 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
18:04:00.0609 0800 GoToAssist - ok
18:04:00.0734 0800 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:04:00.0734 0800 Gpc - ok
18:04:01.0078 0800 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:04:01.0078 0800 gupdate - ok
18:04:01.0078 0800 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:04:01.0093 0800 gupdatem - ok
18:04:01.0093 0800 gxxbvgwq - ok
18:04:01.0203 0800 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
18:04:01.0203 0800 hamachi - ok
18:04:01.0250 0800 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:04:01.0265 0800 HDAudBus - ok
18:04:01.0562 0800 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:04:01.0562 0800 helpsvc - ok
18:04:01.0578 0800 hfciwqcu - ok
18:04:01.0578 0800 HidServ - ok
18:04:01.0656 0800 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:04:01.0656 0800 HidUsb - ok
18:04:01.0890 0800 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:04:01.0890 0800 hkmsvc - ok
18:04:02.0078 0800 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:04:02.0078 0800 hpn - ok
18:04:02.0375 0800 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:04:02.0390 0800 hpqcxs08 - ok
18:04:02.0531 0800 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:04:02.0531 0800 hpqddsvc - ok
18:04:02.0609 0800 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
18:04:02.0609 0800 HPSLPSVC - ok
18:04:02.0671 0800 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:04:02.0671 0800 HPZid412 - ok
18:04:02.0718 0800 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:04:02.0718 0800 HPZipr12 - ok
18:04:02.0765 0800 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:04:02.0765 0800 HPZius12 - ok
18:04:02.0859 0800 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:04:02.0859 0800 HSFHWAZL - ok
18:04:03.0343 0800 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:04:03.0359 0800 HSF_DPV - ok
18:04:03.0421 0800 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:04:03.0421 0800 HTTP - ok
18:04:03.0515 0800 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:04:03.0515 0800 HTTPFilter - ok
18:04:03.0593 0800 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:04:03.0625 0800 i2omgmt - ok
18:04:03.0734 0800 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:04:03.0750 0800 i2omp - ok
18:04:03.0953 0800 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:04:03.0953 0800 i8042prt - ok
18:04:05.0218 0800 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:04:05.0734 0800 ialm - ok
18:04:06.0140 0800 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys
18:04:06.0140 0800 iaStor - ok
18:04:06.0890 0800 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:04:07.0125 0800 idsvc - ok
18:04:07.0140 0800 ieakgnib - ok
18:04:07.0406 0800 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:04:07.0421 0800 Imapi - ok
18:04:07.0625 0800 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:04:07.0625 0800 ImapiService - ok
18:04:07.0750 0800 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:04:07.0750 0800 ini910u - ok
18:04:08.0062 0800 IntcHdmiAddService (99d47d1cf700982b37cce16b068449f0) C:\WINDOWS\system32\drivers\IntcHdmi.sys
18:04:08.0062 0800 IntcHdmiAddService - ok
18:04:08.0093 0800 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:04:08.0093 0800 IntelIde - ok
18:04:08.0203 0800 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:04:08.0203 0800 intelppm - ok
18:04:08.0296 0800 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:04:08.0296 0800 Ip6Fw - ok
18:04:08.0437 0800 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:04:08.0453 0800 IpFilterDriver - ok
18:04:08.0609 0800 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:04:08.0609 0800 IpInIp - ok
18:04:09.0015 0800 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:04:09.0015 0800 IpNat - ok
18:04:09.0125 0800 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:04:09.0125 0800 IPSec - ok
18:04:09.0187 0800 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:04:09.0187 0800 IRENUM - ok
18:04:09.0328 0800 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:04:09.0328 0800 isapnp - ok
18:04:09.0500 0800 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
18:04:09.0500 0800 JavaQuickStarterService - ok
18:04:09.0625 0800 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:04:09.0625 0800 Kbdclass - ok
18:04:10.0031 0800 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:04:10.0031 0800 kmixer - ok
18:04:10.0500 0800 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:04:10.0500 0800 KSecDD - ok
18:04:10.0734 0800 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:04:10.0734 0800 lanmanserver - ok
18:04:10.0828 0800 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:04:10.0828 0800 lanmanworkstation - ok
18:04:10.0843 0800 lbrtfdc - ok
18:04:10.0906 0800 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:04:10.0906 0800 LmHosts - ok
18:04:11.0015 0800 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
18:04:11.0015 0800 ManyCam - ok
18:04:12.0140 0800 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
18:04:12.0140 0800 MarvinBus - ok
18:04:12.0187 0800 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
18:04:12.0187 0800 MBAMProtector - ok
18:04:12.0265 0800 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:04:12.0281 0800 MBAMService - ok
18:04:12.0437 0800 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:04:12.0437 0800 mdmxsdk - ok
18:04:12.0515 0800 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:04:12.0515 0800 Messenger - ok
18:04:12.0593 0800 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:04:12.0625 0800 mnmdd - ok
18:04:12.0890 0800 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:04:12.0890 0800 mnmsrvc - ok
18:04:13.0390 0800 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:04:13.0390 0800 Modem - ok
18:04:13.0453 0800 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:04:13.0453 0800 Mouclass - ok
18:04:13.0578 0800 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:04:13.0578 0800 MountMgr - ok
18:04:13.0734 0800 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
18:04:13.0750 0800 MPE - ok
18:04:13.0890 0800 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:04:13.0890 0800 MpFilter - ok
18:04:13.0937 0800 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:04:13.0953 0800 mraid35x - ok
18:04:14.0000 0800 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:04:14.0031 0800 MRxDAV - ok
18:04:14.0203 0800 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:04:14.0218 0800 MRxSmb - ok
18:04:14.0343 0800 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:04:14.0343 0800 MSDTC - ok
18:04:14.0359 0800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:04:14.0359 0800 Msfs - ok
18:04:14.0375 0800 MSIServer - ok
18:04:14.0437 0800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:04:14.0437 0800 MSKSSRV - ok
18:04:14.0500 0800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:04:14.0500 0800 MSPCLOCK - ok
18:04:14.0546 0800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:04:14.0546 0800 MSPQM - ok
18:04:14.0671 0800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:04:14.0671 0800 mssmbios - ok
18:04:14.0796 0800 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:04:14.0796 0800 MSTEE - ok
18:04:15.0093 0800 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:04:15.0125 0800 Mup - ok
18:04:15.0453 0800 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:04:15.0484 0800 NABTSFEC - ok
18:04:16.0328 0800 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:04:16.0453 0800 napagent - ok
18:04:16.0656 0800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:04:16.0703 0800 NDIS - ok
18:04:16.0781 0800 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:04:16.0781 0800 NdisIP - ok
18:04:16.0953 0800 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:04:16.0953 0800 NdisTapi - ok
18:04:16.0968 0800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:04:16.0968 0800 Ndisuio - ok
18:04:17.0000 0800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:04:17.0000 0800 NdisWan - ok
18:04:17.0218 0800 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:04:17.0218 0800 NDProxy - ok
18:04:17.0468 0800 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
18:04:17.0468 0800 Net Driver HPZ12 - ok
18:04:17.0687 0800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:04:17.0687 0800 NetBIOS - ok
18:04:18.0125 0800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:04:18.0328 0800 NetBT - ok
18:04:18.0562 0800 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:04:18.0562 0800 NetDDE - ok
18:04:18.0562 0800 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:04:18.0578 0800 NetDDEdsdm - ok
18:04:18.0781 0800 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:04:18.0796 0800 Netlogon - ok
18:04:19.0000 0800 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:04:19.0000 0800 Netman - ok
18:04:19.0296 0800 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:19.0312 0800 NetTcpPortSharing - ok
18:04:19.0765 0800 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:04:19.0812 0800 NIC1394 - ok
18:04:20.0500 0800 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:04:20.0500 0800 Nla - ok
18:04:22.0265 0800 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
18:04:22.0500 0800 nmservice - ok
18:04:22.0734 0800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:04:22.0750 0800 Npfs - ok
18:04:22.0750 0800 nqjuhdju - ok
18:04:22.0812 0800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:04:22.0828 0800 Ntfs - ok
18:04:22.0984 0800 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:04:22.0984 0800 NtLmSsp - ok
18:04:23.0218 0800 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:04:23.0265 0800 NtmsSvc - ok
18:04:23.0328 0800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:04:23.0343 0800 Null - ok
18:04:24.0109 0800 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:04:24.0265 0800 nv - ok
18:04:24.0406 0800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:04:24.0421 0800 NwlnkFlt - ok
18:04:24.0484 0800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:04:24.0484 0800 NwlnkFwd - ok
18:04:25.0203 0800 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:04:25.0218 0800 odserv - ok
18:04:25.0265 0800 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:04:25.0265 0800 ohci1394 - ok
18:04:25.0328 0800 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:04:25.0343 0800 ose - ok
18:04:25.0343 0800 otvwtogq - ok
18:04:25.0406 0800 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
18:04:25.0406 0800 ovt519 - ok
18:04:25.0468 0800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:04:25.0468 0800 Parport - ok
18:04:25.0468 0800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:04:25.0484 0800 PartMgr - ok
18:04:25.0546 0800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:04:25.0546 0800 ParVdm - ok
18:04:25.0640 0800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:04:25.0640 0800 PCI - ok
18:04:25.0656 0800 PCIDump - ok
18:04:25.0843 0800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:04:25.0843 0800 PCIIde - ok
18:04:26.0031 0800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:04:26.0031 0800 Pcmcia - ok
18:04:26.0046 0800 PDCOMP - ok
18:04:26.0062 0800 PDFRAME - ok
18:04:26.0062 0800 PDRELI - ok
18:04:26.0078 0800 PDRFRAME - ok
18:04:26.0109 0800 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:04:26.0109 0800 perc2 - ok
18:04:26.0140 0800 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:04:26.0140 0800 perc2hib - ok
18:04:26.0171 0800 pljvprgz - ok
18:04:26.0265 0800 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:04:26.0265 0800 PlugPlay - ok
18:04:26.0312 0800 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
18:04:26.0328 0800 Pml Driver HPZ12 - ok
18:04:26.0359 0800 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
18:04:26.0359 0800 pnarp - ok
18:04:26.0375 0800 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:04:26.0375 0800 PolicyAgent - ok
18:04:26.0421 0800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:04:26.0421 0800 PptpMiniport - ok
18:04:26.0437 0800 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:04:26.0437 0800 ProtectedStorage - ok
18:04:26.0437 0800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:04:26.0453 0800 PSched - ok
18:04:26.0484 0800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:04:26.0484 0800 Ptilink - ok
18:04:26.0500 0800 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
18:04:26.0500 0800 purendis - ok
18:04:26.0546 0800 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:04:26.0562 0800 PxHelp20 - ok
18:04:26.0609 0800 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:04:26.0671 0800 ql1080 - ok
18:04:27.0031 0800 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:04:27.0078 0800 Ql10wnt - ok
18:04:27.0296 0800 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:04:27.0312 0800 ql12160 - ok
18:04:27.0453 0800 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:04:27.0453 0800 ql1240 - ok
18:04:27.0500 0800 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:04:27.0500 0800 ql1280 - ok
18:04:27.0515 0800 qlsgyfda - ok
18:04:27.0515 0800 qvikqtje - ok
18:04:27.0578 0800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:04:27.0578 0800 RasAcd - ok
18:04:27.0859 0800 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:04:27.0953 0800 RasAuto - ok
18:04:28.0312 0800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:04:28.0312 0800 Rasl2tp - ok
18:04:28.0562 0800 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:04:28.0562 0800 RasMan - ok
18:04:28.0578 0800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:04:28.0578 0800 RasPppoe - ok
18:04:28.0593 0800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:04:28.0593 0800 Raspti - ok
18:04:29.0046 0800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:04:29.0062 0800 Rdbss - ok
18:04:29.0109 0800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:04:29.0140 0800 RDPCDD - ok
18:04:29.0281 0800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:04:29.0281 0800 rdpdr - ok
18:04:29.0515 0800 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:04:29.0531 0800 RDPWD - ok
18:04:29.0734 0800 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:04:29.0734 0800 RDSessMgr - ok
18:04:29.0921 0800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:04:29.0921 0800 redbook - ok
18:04:30.0093 0800 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:04:30.0093 0800 RemoteAccess - ok
18:04:30.0265 0800 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
18:04:30.0265 0800 rimmptsk - ok
18:04:30.0296 0800 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
18:04:30.0296 0800 rimsptsk - ok
18:04:30.0359 0800 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
18:04:30.0359 0800 rismxdp - ok
18:04:30.0468 0800 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:04:30.0484 0800 RpcLocator - ok
18:04:30.0859 0800 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:04:30.0859 0800 RpcSs - ok
18:04:30.0953 0800 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:04:30.0984 0800 RSVP - ok
18:04:31.0093 0800 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:04:31.0093 0800 SamSs - ok
18:04:31.0203 0800 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
18:04:31.0203 0800 ScanUSBEMPIA - ok
18:04:31.0312 0800 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:04:31.0328 0800 SCardSvr - ok
18:04:31.0562 0800 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:04:31.0562 0800 Schedule - ok
18:04:31.0796 0800 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:04:31.0921 0800 sdbus - ok
18:04:32.0015 0800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:04:32.0078 0800 Secdrv - ok
18:04:32.0109 0800 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:04:32.0109 0800 seclogon - ok
18:04:32.0140 0800 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:04:32.0140 0800 SENS - ok
18:04:32.0328 0800 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:04:32.0328 0800 serenum - ok
18:04:32.0468 0800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:04:32.0468 0800 Serial - ok
18:04:32.0531 0800 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
18:04:32.0531 0800 sffdisk - ok
18:04:32.0562 0800 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
18:04:32.0562 0800 sffp_sd - ok
18:04:32.0656 0800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:04:32.0671 0800 Sfloppy - ok
18:04:33.0015 0800 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:04:33.0015 0800 ShellHWDetection - ok
18:04:33.0031 0800 Simbad - ok
18:04:33.0218 0800 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:04:33.0218 0800 sisagp - ok
18:04:33.0234 0800 skkbnvwa - ok
18:04:33.0375 0800 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:04:33.0390 0800 SLIP - ok
18:04:33.0562 0800 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:04:33.0562 0800 Sparrow - ok
18:04:33.0593 0800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:04:33.0593 0800 splitter - ok
18:04:33.0750 0800 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:04:33.0750 0800 Spooler - ok
18:04:33.0796 0800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:04:33.0796 0800 sr - ok
18:04:34.0093 0800 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:04:34.0140 0800 srservice - ok
18:04:34.0390 0800 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:04:34.0437 0800 Srv - ok
18:04:34.0546 0800 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:04:34.0546 0800 SSDPSRV - ok
18:04:34.0843 0800 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\STacSV.exe
18:04:34.0859 0800 STacSV - ok
18:04:35.0140 0800 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
18:04:35.0140 0800 STHDA - ok
18:04:35.0421 0800 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:04:35.0578 0800 stisvc - ok
18:04:36.0046 0800 stllssvr (7489520e98a119b5a9a00857f4f87d16) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:04:36.0062 0800 stllssvr - ok
18:04:36.0328 0800 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:04:36.0328 0800 streamip - ok
18:04:36.0390 0800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:04:36.0390 0800 swenum - ok
18:04:36.0421 0800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:04:36.0421 0800 swmidi - ok
18:04:36.0421 0800 SwPrv - ok
18:04:36.0500 0800 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:04:36.0500 0800 symc810 - ok
18:04:36.0546 0800 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:04:36.0546 0800 symc8xx - ok
18:04:36.0562 0800 SymIM - ok
18:04:36.0578 0800 SymIMMP - ok
18:04:36.0656 0800 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:04:36.0671 0800 sym_hi - ok
18:04:36.0703 0800 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:04:36.0703 0800 sym_u3 - ok
18:04:36.0859 0800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:04:36.0859 0800 sysaudio - ok
18:04:36.0921 0800 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:04:36.0921 0800 SysmonLog - ok
18:04:37.0109 0800 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:04:37.0109 0800 TapiSrv - ok
18:04:37.0218 0800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:04:37.0218 0800 Tcpip - ok
18:04:37.0281 0800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:04:37.0281 0800 TDPIPE - ok
18:04:37.0359 0800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:04:37.0359 0800 TDTCP - ok
18:04:37.0375 0800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:04:37.0375 0800 TermDD - ok
18:04:37.0781 0800 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:04:37.0812 0800 TermService - ok
18:04:38.0062 0800 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:04:38.0062 0800 Themes - ok
18:04:38.0140 0800 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:04:38.0140 0800 TosIde - ok
18:04:38.0312 0800 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:04:38.0328 0800 TrkWks - ok
18:04:38.0531 0800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:04:38.0609 0800 Udfs - ok
18:04:38.0890 0800 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:04:38.0890 0800 ultra - ok
18:04:39.0000 0800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:04:39.0015 0800 Update - ok
18:04:39.0093 0800 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:04:39.0093 0800 upnphost - ok
18:04:39.0140 0800 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:04:39.0140 0800 UPS - ok
18:04:39.0250 0800 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:04:39.0265 0800 usbaudio - ok
18:04:39.0343 0800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:04:39.0343 0800 usbccgp - ok
18:04:39.0484 0800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:04:39.0484 0800 usbehci - ok
18:04:39.0562 0800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:04:39.0578 0800 usbhub - ok
18:04:39.0718 0800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:04:39.0718 0800 usbprint - ok
18:04:39.0812 0800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:04:39.0812 0800 usbscan - ok
18:04:39.0828 0800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:04:39.0828 0800 USBSTOR - ok
18:04:39.0968 0800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:04:39.0968 0800 usbuhci - ok
18:04:40.0250 0800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:04:40.0250 0800 VgaSave - ok
18:04:40.0312 0800 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:04:40.0312 0800 viaagp - ok
18:04:40.0390 0800 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:04:40.0437 0800 ViaIde - ok
18:04:40.0593 0800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:04:40.0593 0800 VolSnap - ok
18:04:40.0796 0800 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:04:40.0812 0800 VSS - ok
18:04:40.0859 0800 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:04:40.0875 0800 w32time - ok
18:04:40.0968 0800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:04:40.0968 0800 Wanarp - ok
18:04:41.0109 0800 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
18:04:41.0109 0800 wanatw - ok
18:04:41.0265 0800 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:04:41.0265 0800 Wdf01000 - ok
18:04:41.0281 0800 WDICA - ok
18:04:41.0562 0800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:04:41.0562 0800 wdmaud - ok
18:04:41.0859 0800 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:04:42.0000 0800 WebClient - ok
18:04:42.0265 0800 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:04:42.0281 0800 winachsf - ok
18:04:42.0390 0800 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:04:42.0390 0800 winmgmt - ok
18:04:42.0406 0800 wltrysvc - ok
18:04:42.0546 0800 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:04:42.0562 0800 WmdmPmSN - ok
18:04:42.0609 0800 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:04:42.0609 0800 WmiAcpi - ok
18:04:43.0093 0800 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:04:43.0093 0800 WmiApSrv - ok
18:04:43.0359 0800 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:04:43.0375 0800 WMPNetworkSvc - ok
18:04:43.0437 0800 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:04:43.0437 0800 WS2IFSL - ok
18:04:43.0546 0800 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:04:43.0562 0800 wscsvc - ok
18:04:43.0687 0800 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:04:43.0703 0800 WSTCODEC - ok
18:04:43.0765 0800 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:04:43.0765 0800 wuauserv - ok
18:04:43.0843 0800 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:04:43.0843 0800 WudfPf - ok
18:04:43.0906 0800 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:04:43.0906 0800 WudfRd - ok
18:04:44.0015 0800 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:04:44.0031 0800 WudfSvc - ok
18:04:44.0125 0800 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:04:44.0140 0800 WZCSVC - ok
18:04:44.0203 0800 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:04:44.0218 0800 xmlprov - ok
18:04:44.0281 0800 yukonwxp (67331fd053f97a874a60374be6b59523) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:04:44.0296 0800 yukonwxp - ok
18:04:44.0312 0800 zbuqofzb - ok
18:04:44.0359 0800 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
18:04:44.0390 0800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:04:44.0390 0800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:04:44.0437 0800 Boot (0x1200) (3d29cc69c87f8d467699318942ce0f3f) \Device\Harddisk0\DR0\Partition0
18:04:44.0437 0800 \Device\Harddisk0\DR0\Partition0 - ok
18:04:44.0453 0800 ============================================================
18:04:44.0453 0800 Scan finished
18:04:44.0453 0800 ============================================================
18:04:44.0468 2268 Detected object count: 1
18:04:44.0468 2268 Actual detected object count: 1
18:05:09.0765 2268 \Device\Harddisk0\DR0\# - copied to quarantine
18:05:09.0765 2268 \Device\Harddisk0\DR0 - copied to quarantine
18:05:09.0812 2268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:05:09.0859 2268 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:05:09.0875 2268 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:05:09.0890 2268 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:05:09.0906 2268 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:05:09.0906 2268 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:05:09.0921 2268 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:05:10.0000 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:05:10.0015 2268 \Device\Harddisk0\DR0 - ok
18:05:10.0015 2268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:06:07.0687 2052 Deinitialize success
-
Something I just noticed before the TDSSKiller scan is that MBAM was no longer displaying the two messages on start-up anymore. If I'm remembering correctly, it stopped displaying those messages on start-up 2 days ago. However, I specifically noticed that they were no longer being displayed after the reboot with TDSSKiller.
As the log probably tells you, TDSSKiller took the action of "Cure" when it encountered Rootkit.Boot.Pihar.c and it quarantined 15 other objects. Rootkit was the only threat detected.
TDSSKiller only processed 354 objects (which seems about right for a scan duration of 1 minute and 16 seconds). Is processing only 354 objects normal?
The following is the TDSSKiller log.
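Added example, not code from the poster or from the tool: a small Python parser for the TDSSKiller log layout quoted in this thread, run over a constructed excerpt (placeholder hashes and timestamps), that pulls out the figures a responder checks after such a scan: how many objects received a verdict, detections versus the tool's own "Detected object count", what was copied to quarantine, and service entries that were scanned but had no file on disk.

```python
import re

# Constructed excerpt in the TDSSKiller log layout quoted above;
# hashes and timestamps are placeholders, not the poster's real values.
SAMPLE_LOG = """\
18:04:44.0281 0800 yukonwxp (67331fd053f97a874a60374be6b59523) C:\\WINDOWS\\system32\\DRIVERS\\yk51x86.sys
18:04:44.0296 0800 yukonwxp - ok
18:04:44.0312 0800 zbuqofzb - ok
18:04:44.0359 0800 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \\Device\\Harddisk0\\DR0
18:04:44.0390 0800 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:04:44.0437 0800 \\Device\\Harddisk0\\DR0\\Partition0 - ok
18:04:44.0468 2268 Detected object count: 1
18:05:09.0765 2268 \\Device\\Harddisk0\\DR0\\# - copied to quarantine
18:05:09.0812 2268 \\Device\\Harddisk0\\DR0\\TDLFS\\ldrm - copied to quarantine
18:05:09.0859 2268 \\Device\\Harddisk0\\DR0\\TDLFS\\cmd.dll - copied to quarantine
18:05:10.0000 2268 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:05:10.0015 2268 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+ [0-9A-Fa-f]+ "      # timestamp and thread id
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \([0-9a-f]{32}\) (?P<path>\S.*)$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
THREAT_RE = re.compile(PREFIX + r"(?P<obj>.+?) \( (?P<threat>[^)]+) \) - (?P<verdict>.+)$")
QUAR_RE = re.compile(PREFIX + r"(?P<obj>.+?) - copied to quarantine$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (\d+)$")

def summarize(log_text):
    """Reduce a TDSSKiller log to the facts worth confirming after a scan."""
    files, ok_names, infected, quarantined, reported = {}, [], {}, [], None
    for line in log_text.splitlines():
        if m := FILE_RE.match(line):          # object name -> hashed file path
            files[m["name"]] = m["path"]
        elif m := QUAR_RE.match(line):
            quarantined.append(m["obj"])
        elif m := THREAT_RE.match(line):      # later lines overwrite the status
            infected.setdefault(m["obj"], {"threat": m["threat"]})["status"] = m["verdict"]
        elif m := OK_RE.match(line):
            ok_names.append(m["name"])
        elif m := COUNT_RE.match(line):
            reported = int(m[1])
    return {
        "objects_checked": len(set(ok_names) | set(infected)),
        "infected": infected,
        "quarantined": quarantined,
        "reported_detections": reported,
        # service or driver entries with no file hashed: often a leftover of a
        # removed driver, but random-looking names deserve a second look
        "no_file": [n for n in ok_names if n not in files and "\\" not in n],
    }
```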
-
Windows Firewall is off, I turned MBAM off as Bleeping Computer's guide instructs and again I launched sega.com via that command you gave me, this time accepting the update, ComboFix extracted/installed and then launched. It never displayed "Please wait. ComboFix is preparing to run." It backed up the Windows Registry before launching Command Prompt and when it did launch Command Prompt, it displayed the same blue screen as it's supposed to have. Once again, it did not display any more text nor disconnect my computer from the internet when it was supposed to. After 30 minutes of no activity I attempted to close it. The X button didn't work and I could not launch Task Manager so I held the power button, same as before.
-
sega.com prompted me with an update which I clicked "No." because I have no idea if the download link you gave me was the exact version I should use or if I should update it. It seemed to install correctly and the blue screen for Command Prompt came up. However it did not display "Please wait. ComboFix is preparing to run." It just stayed blank and I attempted to stop it after 30 minutes of no activity. The X button did nothing and Task Manager wouldn't launch either. So I just ended up having to hold the power button.
Upon reboot, my firewall is now turned off. Before I couldn't get to the settings to do so, but now it's off.
Should I have updated ComboFix? (sega.com)
-
When I booted normally to type this message, MBAM displayed the same message as always, blocking the malicious process. However, this time when I clicked Quarantine it displayed the following message:
Malwarebytes Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below.
C:\DOCUMENTS AND SETTINGS\NICK\LOCAL SETTINGS\APPLICATION
DATA\{BAEBEB56-D64C-3F43-AC11-15634174457B}\U\00000004.@
ROOTKIT.0ACCESS
Of course I clicked "Quarantine" for that message as well.
Some information I forgot to mention:
The download of ComboFix as sega.com was successful. This time, instead of the Thundercats logo, it displays the "blank white window" logo.
Also, MBAM is asking to download and install the latest version, despite that it just did an auto-update. As of now, I have taken no action towards it.
-
When I went to boot from Safe Mode, the computer began the boot process. However, when the screen displayed the following:
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\pci.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\isapnp.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\compbatt.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\BATTC.SYS
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\pciide.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\MountMyr.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\ftdisk.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\PartMgr.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\VolSnap.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\atapi.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\drivers\iaStor.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\disk.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\drivers\fltmgr.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\sr.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\MpFilter.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\PxHelp20.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\KSecDD.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Ntfs.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\NDIS.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\ohci1394.sys
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\1394BUS.SYS
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Mup.sys
The screen froze for a few seconds and then displayed the "blue screen of death" with the following message:
A problem has been detected and Windows has been shut down to prevent damage
to your computer.
If this is the first time you've seen this Stop error screen,
restart your computer. If this screen appears again, follow
these steps:
Check to be sure you have adequate disk space, If a driver is
identified in the Stop message, disable the driver or check
with the manufacturer for driver updates. Try changing video
adapters.
Check with your hardware vendor for any BIOS updates. Disable
BIOS memory options such as caching or shadowing. If you need
to use Safe Mode to remove or disable components, restart your
computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.
Technical information:
*** STOP: 0x0000007E (0xX0000005, 0xF7898160, 0xF78DE864, 0xF78DE560)
*** kdcom.dll - Address F7898160 base at F7897000, DateStamp 4f8f0f42
I restarted the computer and tried Safe Mode again with the same exact response from the computer. I even restarted from the user select screen and then tried Safe Mode. The same thing happened.
When I booted normally to type this message, MBAM displayed the same message as always, blocking the malicious process. However, this time when I clicked Quarantine it displayed the following message:
Malwarebytes Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below.
C:\DOCUMENTS AND SETTINGS\NICK\LOCAL SETTINGS\APPLICATION
DATA\{BAEBEB56-D64C-3F43-AC11-15634174457B}\U\00000004.@
ROOTKIT.0ACCESS
-
My wording of that last sentence was poor. Originally I thought that Combofix.exe would be in Add or Remove Programs. It was not, and then I remembered your wording of "delete" instead of "uninstall", which led me to right click on ComboFix.exe and select Delete.
I am now beginning the download of ComboFix under the name of sega.com.
-
You're welcome. After all, it is important to keep the person helping me well updated. I am now back on the infected computer. The following is the exact message I am getting from MBAM on every startup.
Malwarebytes Anti-Malware has detected a malicious process attempting to
start and has blocked the execution attempt. Please select an option below.
C:\DOCUMENTS AND SETTINGS\NICK\LOCAL SETTINGS\APPLICATION
DATA\{BAEBEB56-D64C-3F43-AC11-15634174457B}\U\80000000.@
TROJAN.SIREFEF
Disable Protection Ignore Quarantine
I have always been selecting Quarantine on every startup of course.
As I am typing this, MBAM has just auto-updated from v2012.07.10.06 to v2012.07.13.06.
I am now beginning the uninstall of ComboFix in order to reinstall it as sega.com.
Google Redirect, My Security Shield, Malicious Websites, & DDS log
in Resolved Malware Removal Logs
Posted
OTC did not remove any of the programs, but it did seem to delete itself after the reboot. What else should I try? Seeing how some of these are .exe's if I just put them in the Recycle Bin and emptied it, would they be deleted completely or would some other components remain?