Google redirect virus, malwarebytes didn't remove


I tried Malwarebytes in regular and safe mode and it still hasn't gotten rid of the virus even though it found 5 and I selected remove and restarted. I am updated with the latest version. Not sure what else to do. Any help is appreciated!

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Rob :: ROB-FD8060DF370 [administrator]

4/3/2012 5:58:28 PM

mbam-log-2012-04-03 (17-58-28).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 252178

Time elapsed: 1 hour(s), 37 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Delete on reboot.

C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

C:\Documents and Settings\Rob\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

C:\WINDOWS\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

(end)

Hello geckoness! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and post the log files:

http://forums.malwarebytes.org/index.php?showtopic=9573


DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Rob at 14:14:23 on 2012-04-04

.

============== Running Processes ===============

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Rob\My Documents\Downloads\dds.scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510225801.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] E c:\windows\system32\NVCPL.DLL,NVSTARTUP

mRun: [nwiz] E /INSTALL

mRun: [NvMediaCenter] E c:\windows\system32\NVMCTRAY.DLL,NVTASKBARINIT

mRun: [sigmatelSysTrayApp] E

mRun: [AppleSyncNotifier] E

mRun: [mcui_exe] E" /RUNKEY

mRun: [HP Software Update] E

mRun: [<NO NAME>]

mRun: [APSDaemon] E"

mRun: [sunJavaUpdateSched] E"

mRun: [QuickTime Task] E" -ATBOOTTIME

mRun: [Adobe ARM] E"

mRun: [bCSSync] E" /DELAYSERVICES

mRun: [iTunesHelper] E"

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4FB1BABC-D20B-4036-B12D-8AE5B36E546A} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\rob\application data\mozilla\firefox\profiles\yvhtyykl.default\

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\rob\application data\mozilla\firefox\profiles\yvhtyykl.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll

FF - plugin: c:\documents and settings\rob\application data\mozilla\firefox\profiles\yvhtyykl.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service

R? cerc6;cerc6

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? MBAMProtector;MBAMProtector

R? MBAMService;MBAMService

R? McComponentHostService;McAfee Security Scan Component Host Service

R? mfendisk;McAfee Core NDIS Intermediate Filter

R? mferkdet;McAfee Inc. mferkdet

R? mferkdk;McAfee Inc. mferkdk

R? mfesmfk;McAfee Inc. mfesmfk

R? osppsvc;Office Software Protection Platform

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? cfwids;McAfee Inc. cfwids

S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service

S? McMPFSvc;McAfee Personal Firewall Service

S? McNaiAnn;McAfee VirusScan Announcer

S? McProxy;McAfee Proxy Service

S? McShield;McShield

S? mfeavfk;McAfee Inc. mfeavfk

S? mfebopk;McAfee Inc. mfebopk

S? mfefire;McAfee Firewall Core Service

S? mfefirek;McAfee Inc. mfefirek

S? mfehidk;McAfee Inc. mfehidk

S? mfendiskmp;mfendiskmp

S? mfetdi2k;McAfee Inc. mfetdi2k

S? mfevtp;McAfee Validation Trust Protection Service

.

=============== Created Last 30 ================

.

2012-04-04 16:10:15 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-04 02:58:08 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-02 18:49:22 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd

2012-04-02 18:47:23 -------- d-sh--w- c:\documents and settings\rob\local settings\application data\bda677a3

2012-03-29 18:01:33 89088 ----a-w- c:\windows\system32\gpupghts.dll

2012-03-27 15:15:57 -------- d-----w- c:\program files\iPod

2012-03-27 15:15:17 -------- d-----w- c:\program files\iTunes

2012-03-20 02:05:50 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-20 02:05:49 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-15 18:44:57 -------- d-----w- c:\documents and settings\rob\local settings\application data\TicketNetwork.com

2012-03-15 18:40:42 -------- d-----w- c:\documents and settings\rob\application data\Ticketnetwork

2012-03-15 18:39:28 -------- d-----w- c:\program files\TicketNetwork

2012-03-10 03:07:19 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-03-10 03:06:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-03-10 02:49:51 -------- d-----w- c:\windows\system32\appmgmt

2012-03-09 23:18:33 -------- d-----w- c:\program files\Starfield

2012-03-09 19:52:52 -------- d-----w- c:\documents and settings\rob\local settings\application data\LogMeIn Rescue Applet

2012-03-09 18:15:03 -------- d-----w- c:\program files\RingCentral

2012-03-09 18:14:51 -------- d-----w- c:\documents and settings\all users\application data\RingCentral

.

==================== Find3M ====================

.

2012-04-04 03:56:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 14:39:10.67 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/3/2010 11:26:05 PM

System Uptime: 4/4/2012 1:50:45 PM (1 hours ago)

.

Motherboard: Dell Inc | | 0HY175

Processor: AMD Sempron Processor 3400+ | Socket M2 | 1803/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 71 GiB total, 33.815 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: SM Bus Controller

Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_01F41028&REV_A3\3&2411E6FE&0&51

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_01F41028&REV_A3\3&2411E6FE&0&51

Service:

.

==== System Restore Points ===================

.

RP595: 1/5/2012 10:08:02 PM - System Checkpoint

RP596: 1/6/2012 11:07:45 PM - System Checkpoint

RP597: 1/8/2012 12:07:43 AM - System Checkpoint

RP598: 1/9/2012 9:53:20 AM - System Checkpoint

RP599: 1/10/2012 10:07:46 AM - System Checkpoint

RP600: 1/11/2012 11:07:46 AM - System Checkpoint

RP601: 1/12/2012 3:00:19 AM - Software Distribution Service 3.0

RP602: 1/13/2012 3:25:34 AM - System Checkpoint

RP603: 1/14/2012 4:25:33 AM - System Checkpoint

RP604: 1/15/2012 5:25:34 AM - System Checkpoint

RP605: 1/16/2012 6:25:34 AM - System Checkpoint

RP606: 1/17/2012 7:25:34 AM - System Checkpoint

RP607: 1/18/2012 8:25:34 AM - System Checkpoint

RP608: 1/19/2012 9:39:46 AM - System Checkpoint

RP609: 1/20/2012 9:51:31 AM - System Checkpoint

RP610: 1/21/2012 9:49:00 PM - System Checkpoint

RP611: 1/23/2012 7:50:02 PM - System Checkpoint

RP612: 1/24/2012 8:25:31 PM - System Checkpoint

RP613: 1/25/2012 8:44:13 PM - System Checkpoint

RP614: 1/26/2012 9:25:28 PM - System Checkpoint

RP615: 1/27/2012 10:25:29 PM - System Checkpoint

RP616: 1/30/2012 4:58:34 PM - System Checkpoint

RP617: 1/31/2012 5:25:29 PM - System Checkpoint

RP618: 1/31/2012 10:17:15 PM - Software Distribution Service 3.0

RP619: 2/1/2012 10:20:47 PM - System Checkpoint

RP620: 2/2/2012 11:20:47 PM - System Checkpoint

RP621: 2/4/2012 12:20:48 AM - System Checkpoint

RP622: 2/5/2012 7:49:33 AM - System Checkpoint

RP623: 2/7/2012 5:34:38 PM - System Checkpoint

RP624: 2/8/2012 5:47:57 PM - System Checkpoint

RP625: 2/9/2012 6:47:58 PM - System Checkpoint

RP626: 2/10/2012 8:01:28 PM - System Checkpoint

RP627: 2/11/2012 8:47:59 PM - System Checkpoint

RP628: 2/12/2012 9:33:40 PM - System Checkpoint

RP629: 2/13/2012 10:05:40 PM - System Checkpoint

RP630: 2/14/2012 11:05:40 PM - System Checkpoint

RP631: 2/17/2012 6:57:51 PM - System Checkpoint

RP632: 2/18/2012 3:00:13 AM - Software Distribution Service 3.0

RP633: 2/19/2012 3:28:54 AM - System Checkpoint

RP634: 2/20/2012 3:33:24 AM - System Checkpoint

RP635: 2/21/2012 4:33:16 AM - System Checkpoint

RP636: 2/22/2012 5:33:16 AM - System Checkpoint

RP637: 2/23/2012 6:33:16 AM - System Checkpoint

RP638: 2/24/2012 7:33:17 AM - System Checkpoint

RP639: 2/25/2012 7:40:29 AM - System Checkpoint

RP640: 2/26/2012 8:33:17 AM - System Checkpoint

RP641: 2/26/2012 8:16:06 PM - Installed Microsoft Office Home and Student 2010

RP642: 2/26/2012 9:21:54 PM - Software Distribution Service 3.0

RP643: 2/27/2012 9:52:34 AM - Software Distribution Service 3.0

RP644: 2/27/2012 8:15:05 PM - Removed Adobe Reader 9.5.0.

RP645: 2/27/2012 8:15:29 PM - Installed Adobe Reader X (10.1.2).

RP646: 2/28/2012 5:42:41 PM - Installed PDFill FREE PDF Tools

RP647: 2/28/2012 5:48:38 PM - Installed PDFill PDF Editor with FREE Writer and FREE Tools

RP648: 2/29/2012 6:17:03 PM - System Checkpoint

RP649: 3/1/2012 7:17:03 PM - System Checkpoint

RP650: 3/3/2012 2:05:46 PM - System Checkpoint

RP651: 3/4/2012 2:17:03 PM - System Checkpoint

RP652: 3/5/2012 3:21:59 PM - System Checkpoint

RP653: 3/6/2012 4:04:53 PM - System Checkpoint

RP654: 3/7/2012 5:04:54 PM - System Checkpoint

RP655: 3/8/2012 6:04:54 PM - System Checkpoint

RP656: 3/9/2012 1:21:07 PM - Unsigned printer driver RingCentral Internet Fax installed.

RP657: 3/9/2012 4:52:20 PM - Installed Microsoft Outlook 2010

RP658: 3/9/2012 7:14:51 PM - Software Distribution Service 3.0

RP659: 3/9/2012 8:02:26 PM - Removed Microsoft Outlook 2010

RP660: 3/9/2012 8:12:38 PM - Installed Microsoft Outlook 2010

RP661: 3/9/2012 8:49:33 PM - 1: 1717 2: Marketsplash Shortcuts

RP662: 3/9/2012 8:50:31 PM - Removed Microsoft Outlook 2010

RP663: 3/9/2012 9:00:35 PM - Installed Microsoft Outlook 2010

RP664: 3/10/2012 3:00:25 AM - Software Distribution Service 3.0

RP665: 3/11/2012 4:29:05 AM - System Checkpoint

RP666: 3/12/2012 5:29:05 AM - System Checkpoint

RP667: 3/13/2012 6:29:00 AM - System Checkpoint

RP668: 3/14/2012 7:29:00 AM - System Checkpoint

RP669: 3/14/2012 12:39:45 PM - Software Distribution Service 3.0

RP670: 3/15/2012 2:19:01 PM - System Checkpoint

RP671: 3/16/2012 3:00:18 AM - Software Distribution Service 3.0

RP672: 3/17/2012 3:40:34 AM - System Checkpoint

RP673: 3/18/2012 3:49:34 AM - System Checkpoint

RP674: 3/19/2012 4:49:35 AM - System Checkpoint

RP675: 3/20/2012 5:49:30 AM - System Checkpoint

RP676: 3/21/2012 10:40:15 AM - System Checkpoint

RP677: 3/22/2012 10:50:51 AM - System Checkpoint

RP678: 3/23/2012 3:00:21 AM - Software Distribution Service 3.0

RP679: 3/24/2012 3:50:52 AM - System Checkpoint

RP680: 3/25/2012 4:50:51 AM - System Checkpoint

RP681: 3/26/2012 5:50:53 AM - System Checkpoint

RP682: 3/27/2012 6:50:43 AM - System Checkpoint

RP683: 3/28/2012 7:23:51 AM - System Checkpoint

RP684: 3/29/2012 8:36:52 AM - System Checkpoint

RP685: 3/30/2012 9:23:51 AM - System Checkpoint

RP686: 3/31/2012 10:09:58 AM - System Checkpoint

RP687: 4/1/2012 11:21:10 AM - System Checkpoint

RP688: 4/2/2012 12:08:40 PM - System Checkpoint

RP689: 4/3/2012 12:23:27 PM - System Checkpoint

RP690: 4/4/2012 12:42:45 PM - System Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Athlon 64 Processor Driver

Bonjour

Broadcom 440x 10/100 Integrated Controller

Broadcom Management Programs

Conexant D850 56K V.9x DFVc Modem

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Driver Download Manager

Dell Resource CD

dj_sf_software_req

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Deskjet Printer Driver Software 9.0

HP Officejet Pro 8500 A910 Basic Device Software

HP Officejet Pro 8500 A910 Help

HP Officejet Pro 8500 A910 Product Improvement Study

HP Update

I.R.I.S. OCR

iTunes

Java Auto Updater

Java 6 Update 29

Malwarebytes Anti-Malware version 1.60.1.1000

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MobileMe Control Panel

Mozilla Firefox 11.0 (x86 en-US)

NVIDIA Drivers

Outlook Setup Tool

PDFill FREE PDF Tools

PDFill PDF Editor with FREE Writer and FREE Tools

QuickTime

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaTel Audio

TicketNetwork Point of Sale 10.0

Toolbox

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB980182)

W Photo Studio

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

.

==== Event Viewer Messages From Past Week ========

.

4/3/2012 11:53:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

4/3/2012 11:53:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/3/2012 11:53:30 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/3/2012 11:52:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/3/2012 11:47:59 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

4/3/2012 11:47:19 PM, error: Service Control Manager [7023] - The RTLE8023xp service terminated with the following error: The specified module could not be found.

4/3/2012 11:47:19 PM, error: Service Control Manager [7023] - The Anydvd service terminated with the following error: The specified module could not be found.

4/2/2012 1:59:50 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

.

==== End Of File ===========================


Please do the following in Normal mode, not in Safe mode:

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
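
A TDSSKiller report is mostly `- ok` lines, so the entries that need a second look are easy to miss. The following Python is an added example (not part of the original post and not the tool's own code) that lists only the objects with a non-ok verdict. The line shapes are taken from the 2.7.25.0 report posted in this thread; the function names and the BOM-based decoding are assumptions.

```python
"""List every non-"ok" entry in a TDSSKiller text report."""
import glob
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the TDSSKiller 2.7.25.0 report posted in this thread,
# keeping the blank lines the forum paste puts between entries.
SAMPLE_LOG = r"""
16:06:12.0031 2856 Mode: Manual; SigCheck; TDLFS;

16:06:12.0187 2856 Abiosdsk - ok

16:06:12.0250 2856 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:06:13.0375 2856 ACPI - ok

16:06:14.0781 2856 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:06:14.0796 2856 Apple Mobile Device - ok

16:06:29.0765 2856 IPSec (7f79865026168f58fcca2cb152966428) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:06:29.0781 2856 IPSec ( UnsignedFile.Multi.Generic ) - warning

16:06:29.0781 2856 IPSec - detected UnsignedFile.Multi.Generic (1)

16:06:29.0921 2856 IRENUM - ok
"""

# "HH:MM:SS.ffff <thread id> <message>"; lines with no message are skipped.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.+)$")
# "<name> (<md5>) <path>": the file behind a service or driver entry.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - <level>", e.g. "- warning".
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")
# "<name> - detected <verdict> (<n>)".
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")


@dataclass
class Finding:
    name: str
    verdict: str
    level: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_report(text: str) -> Tuple[List[Finding], int]:
    """Return (flagged entries, number of '- ok' entries)."""
    objects: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path)
    findings: Dict[str, Finding] = {}          # one Finding per object name
    ok_count = 0
    for raw in text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue
        msg = prefixed.group("msg")
        hit = FLAGGED.match(msg) or DETECTED.match(msg)
        if hit:
            name = hit.group("name")
            md5, path = objects.get(name, (None, None))
            # The warning and detected lines for one object merge into one entry.
            entry = findings.setdefault(
                name, Finding(name, hit.group("verdict").strip(), None, md5, path))
            level = hit.groupdict().get("level")
            if level:
                entry.level = level
        elif OK.match(msg):
            ok_count += 1
        else:
            obj = OBJECT.match(msg)
            if obj:
                objects[obj.group("name")] = (obj.group("md5").lower(),
                                              obj.group("path"))
    return list(findings.values()), ok_count


def read_report(path: str) -> str:
    """Assumption: decode by BOM if present, otherwise as UTF-8."""
    with open(path, "rb") as handle:
        data = handle.read()
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


if __name__ == "__main__":
    # The post gives the report name as TDSSKiller.[Version]_[Date]_[Time]_log.txt
    # in the root directory; fall back to the embedded sample when none exists.
    reports = glob.glob(os.path.join("C:\\", "TDSSKiller.*_log.txt"))
    text = read_report(max(reports, key=os.path.getmtime)) if reports else SAMPLE_LOG
    flagged, ok_total = parse_report(text)
    print(f"{ok_total} entries ok, {len(flagged)} flagged")
    for item in flagged:
        print(f"{item.name}: {item.verdict} [{item.level}] "
              f"md5={item.md5} path={item.path}")
```
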


All it said was Suspicious Objects were found, 3 threats. Nothing about curing or anything:

16:05:34.0828 0620 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32

16:05:36.0015 0620 ============================================================

16:05:36.0015 0620 Current date / time: 2012/04/04 16:05:36.0015

16:05:36.0015 0620 SystemInfo:

16:05:36.0015 0620

16:05:36.0015 0620 OS Version: 5.1.2600 ServicePack: 3.0

16:05:36.0015 0620 Product type: Workstation

16:05:36.0015 0620 ComputerName: ROB-FD8060DF370

16:05:36.0015 0620 UserName: Rob

16:05:36.0015 0620 Windows directory: C:\WINDOWS

16:05:36.0015 0620 System windows directory: C:\WINDOWS

16:05:36.0015 0620 Processor architecture: Intel x86

16:05:36.0015 0620 Number of processors: 1

16:05:36.0015 0620 Page size: 0x1000

16:05:36.0015 0620 Boot type: Normal boot

16:05:36.0015 0620 ============================================================

16:05:42.0718 0620 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058

16:05:42.0718 0620 \Device\Harddisk0\DR0:

16:05:42.0718 0620 MBR used

16:05:42.0718 0620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8E547CA

16:05:42.0906 0620 Initialize success

16:05:42.0906 0620 ============================================================

16:06:12.0031 2856 ============================================================

16:06:12.0031 2856 Scan started

16:06:12.0031 2856 Mode: Manual; SigCheck; TDLFS;

16:06:12.0031 2856 ============================================================

16:06:12.0187 2856 Abiosdsk - ok

16:06:12.0187 2856 abp480n5 - ok

16:06:12.0250 2856 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:06:13.0375 2856 ACPI - ok

16:06:13.0453 2856 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

16:06:13.0640 2856 ACPIEC - ok

16:06:13.0718 2856 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

16:06:13.0734 2856 AdobeFlashPlayerUpdateSvc - ok

16:06:13.0750 2856 adpu160m - ok

16:06:13.0812 2856 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:06:13.0968 2856 aec - ok

16:06:14.0078 2856 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

16:06:14.0109 2856 AFD - ok

16:06:14.0125 2856 Aha154x - ok

16:06:14.0140 2856 aic78u2 - ok

16:06:14.0140 2856 aic78xx - ok

16:06:14.0187 2856 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

16:06:14.0359 2856 Alerter - ok

16:06:14.0390 2856 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

16:06:14.0453 2856 ALG - ok

16:06:14.0515 2856 AliIde - ok

16:06:14.0578 2856 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

16:06:14.0609 2856 AmdK8 - ok

16:06:14.0625 2856 amsint - ok

16:06:14.0781 2856 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:06:14.0796 2856 Apple Mobile Device - ok

16:06:14.0843 2856 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

16:06:14.0937 2856 AppMgmt - ok

16:06:15.0000 2856 asc - ok

16:06:15.0015 2856 asc3350p - ok

16:06:15.0015 2856 asc3550 - ok

16:06:15.0171 2856 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

16:06:15.0187 2856 aspnet_state - ok

16:06:15.0234 2856 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:06:15.0390 2856 AsyncMac - ok

16:06:15.0484 2856 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys

16:06:15.0671 2856 atapi - ok

16:06:15.0671 2856 Atdisk - ok

16:06:15.0718 2856 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:06:15.0890 2856 Atmarpc - ok

16:06:15.0921 2856 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

16:06:16.0093 2856 AudioSrv - ok

16:06:16.0140 2856 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:06:16.0312 2856 audstub - ok

16:06:16.0375 2856 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

16:06:16.0421 2856 bcm4sbxp - ok

16:06:16.0515 2856 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:06:16.0671 2856 Beep - ok

16:06:16.0750 2856 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

16:06:17.0031 2856 BITS - ok

16:06:17.0171 2856 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

16:06:17.0218 2856 Bonjour Service - ok

16:06:17.0328 2856 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

16:06:17.0500 2856 Browser - ok

16:06:17.0546 2856 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:06:17.0750 2856 cbidf2k - ok

16:06:17.0781 2856 cd20xrnt - ok

16:06:17.0843 2856 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:06:18.0031 2856 Cdaudio - ok

16:06:18.0125 2856 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:06:18.0312 2856 Cdfs - ok

16:06:18.0359 2856 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:06:18.0546 2856 Cdrom - ok

16:06:18.0562 2856 cerc6 - ok

16:06:18.0625 2856 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys

16:06:18.0703 2856 cfwids - ok

16:06:18.0781 2856 Changer - ok

16:06:18.0828 2856 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

16:06:19.0031 2856 CiSvc - ok

16:06:19.0062 2856 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

16:06:19.0234 2856 ClipSrv - ok

16:06:19.0312 2856 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:06:19.0328 2856 clr_optimization_v2.0.50727_32 - ok

16:06:19.0437 2856 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:06:19.0531 2856 clr_optimization_v4.0.30319_32 - ok

16:06:19.0609 2856 CmdIde - ok

16:06:19.0640 2856 COMSysApp - ok

16:06:19.0656 2856 Cpqarray - ok

16:06:19.0703 2856 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

16:06:19.0890 2856 CryptSvc - ok

16:06:19.0921 2856 dac2w2k - ok

16:06:19.0937 2856 dac960nt - ok

16:06:20.0000 2856 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

16:06:20.0078 2856 DcomLaunch - ok

16:06:20.0171 2856 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

16:06:20.0343 2856 Dhcp - ok

16:06:20.0359 2856 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:06:20.0546 2856 Disk - ok

16:06:20.0562 2856 dmadmin - ok

16:06:20.0625 2856 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

16:06:20.0859 2856 dmboot - ok

16:06:20.0937 2856 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

16:06:21.0125 2856 dmio - ok

16:06:21.0171 2856 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:06:21.0343 2856 dmload - ok

16:06:21.0359 2856 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

16:06:21.0531 2856 dmserver - ok

16:06:21.0593 2856 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:06:21.0796 2856 DMusic - ok

16:06:21.0953 2856 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

16:06:22.0140 2856 Dnscache - ok

16:06:22.0281 2856 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

16:06:22.0546 2856 Dot3svc - ok

16:06:22.0593 2856 dpti2o - ok

16:06:22.0656 2856 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:06:22.0812 2856 drmkaud - ok

16:06:22.0843 2856 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

16:06:23.0046 2856 EapHost - ok

16:06:23.0062 2856 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

16:06:23.0234 2856 ERSvc - ok

16:06:23.0281 2856 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

16:06:23.0312 2856 Eventlog - ok

16:06:23.0421 2856 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

16:06:23.0453 2856 EventSystem - ok

16:06:23.0515 2856 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:06:23.0734 2856 Fastfat - ok

16:06:23.0781 2856 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

16:06:23.0875 2856 FastUserSwitchingCompatibility - ok

16:06:23.0968 2856 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

16:06:24.0156 2856 Fdc - ok

16:06:24.0171 2856 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

16:06:24.0343 2856 Fips - ok

16:06:24.0343 2856 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

16:06:24.0515 2856 Flpydisk - ok

16:06:24.0578 2856 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

16:06:24.0750 2856 FltMgr - ok

16:06:24.0859 2856 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

16:06:24.0875 2856 FontCache3.0.0.0 - ok

16:06:24.0921 2856 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:06:25.0093 2856 Fs_Rec - ok

16:06:25.0109 2856 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:06:25.0265 2856 Ftdisk - ok

16:06:25.0312 2856 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

16:06:25.0312 2856 GEARAspiWDM - ok

16:06:25.0375 2856 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:06:25.0578 2856 Gpc - ok

16:06:25.0640 2856 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

16:06:25.0812 2856 HDAudBus - ok

16:06:25.0875 2856 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

16:06:26.0062 2856 helpsvc - ok

16:06:26.0171 2856 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

16:06:26.0328 2856 HidServ - ok

16:06:26.0390 2856 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:06:26.0562 2856 hidusb - ok

16:06:26.0609 2856 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

16:06:26.0812 2856 hkmsvc - ok

16:06:26.0843 2856 hpn - ok

16:06:26.0906 2856 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

16:06:26.0953 2856 HSFHWBS2 - ok

16:06:27.0031 2856 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

16:06:27.0140 2856 HSF_DP - ok

16:06:27.0250 2856 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

16:06:27.0281 2856 HTTP - ok

16:06:27.0375 2856 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

16:06:27.0578 2856 HTTPFilter - ok

16:06:27.0625 2856 i2omgmt - ok

16:06:27.0640 2856 i2omp - ok

16:06:27.0687 2856 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

16:06:27.0890 2856 i8042prt - ok

16:06:28.0000 2856 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

16:06:28.0046 2856 idsvc - ok

16:06:28.0171 2856 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:06:28.0343 2856 Imapi - ok

16:06:28.0406 2856 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

16:06:28.0593 2856 ImapiService - ok

16:06:28.0609 2856 ini910u - ok

16:06:28.0625 2856 IntelIde - ok

16:06:28.0671 2856 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

16:06:28.0843 2856 Ip6Fw - ok

16:06:28.0968 2856 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:06:29.0140 2856 IpFilterDriver - ok

16:06:29.0156 2856 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:06:29.0312 2856 IpInIp - ok

16:06:29.0343 2856 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:06:29.0515 2856 IpNat - ok

16:06:29.0640 2856 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe

16:06:29.0687 2856 iPod Service - ok

16:06:29.0765 2856 IPSec (7f79865026168f58fcca2cb152966428) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:06:29.0781 2856 IPSec ( UnsignedFile.Multi.Generic ) - warning

16:06:29.0781 2856 IPSec - detected UnsignedFile.Multi.Generic (1)

16:06:29.0828 2856 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:06:29.0921 2856 IRENUM - ok

16:06:29.0984 2856 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:06:30.0156 2856 isapnp - ok

16:06:30.0281 2856 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe

16:06:30.0296 2856 JavaQuickStarterService - ok

16:06:30.0375 2856 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:06:30.0531 2856 Kbdclass - ok

16:06:30.0562 2856 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:06:30.0750 2856 kbdhid - ok

16:06:30.0812 2856 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:06:31.0000 2856 kmixer - ok

16:06:31.0046 2856 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

16:06:31.0140 2856 KSecDD - ok

16:06:31.0281 2856 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

16:06:31.0328 2856 LanmanServer - ok

16:06:31.0390 2856 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

16:06:31.0437 2856 lanmanworkstation - ok

16:06:31.0468 2856 lbrtfdc - ok

16:06:31.0578 2856 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

16:06:31.0750 2856 LmHosts - ok

16:06:31.0812 2856 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

16:06:31.0812 2856 MBAMProtector - ok

16:06:31.0921 2856 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

16:06:31.0968 2856 MBAMService - ok

16:06:32.0031 2856 McAfee SiteAdvisor Service (aac3b33ba020d2af530d694a5a920180) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

16:06:32.0062 2856 McAfee SiteAdvisor Service - ok

16:06:32.0140 2856 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

16:06:32.0156 2856 McComponentHostService - ok

16:06:32.0296 2856 McMPFSvc (b26a3ea976e6fd5c03c65f6e5824ad7c) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

16:06:32.0312 2856 McMPFSvc - ok

16:06:32.0343 2856 mcmscsvc (b26a3ea976e6fd5c03c65f6e5824ad7c) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

16:06:32.0375 2856 mcmscsvc - ok

16:06:32.0390 2856 McNaiAnn (b26a3ea976e6fd5c03c65f6e5824ad7c) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

16:06:32.0406 2856 McNaiAnn - ok

16:06:32.0421 2856 McNASvc (b26a3ea976e6fd5c03c65f6e5824ad7c) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

16:06:32.0437 2856 McNASvc - ok

16:06:32.0640 2856 McODS (ada83a989d5822daa5e2f62fdf118ac6) C:\Program Files\McAfee\VirusScan\mcods.exe

16:06:32.0656 2856 McODS - ok

16:06:32.0765 2856 McProxy (b26a3ea976e6fd5c03c65f6e5824ad7c) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

16:06:32.0781 2856 McProxy - ok

16:06:32.0890 2856 McShield (f2861f8954d464f84c407a06a8d41d2f) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

16:06:32.0906 2856 McShield - ok

16:06:33.0015 2856 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

16:06:33.0015 2856 mdmxsdk - ok

16:06:33.0062 2856 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

16:06:33.0250 2856 Messenger - ok

16:06:33.0281 2856 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys

16:06:33.0281 2856 mfeapfk - ok

16:06:33.0312 2856 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys

16:06:33.0343 2856 mfeavfk - ok

16:06:33.0343 2856 mfeavfk01 - ok

16:06:33.0375 2856 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys

16:06:33.0406 2856 mfebopk - ok

16:06:33.0546 2856 mfefire (a6dcd516f8c9e1dd3eac10ba97ea42c1) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

16:06:33.0562 2856 mfefire - ok

16:06:33.0625 2856 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys

16:06:33.0656 2856 mfefirek - ok

16:06:33.0687 2856 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys

16:06:33.0734 2856 mfehidk - ok

16:06:33.0781 2856 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

16:06:33.0781 2856 mfendisk - ok

16:06:33.0828 2856 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

16:06:33.0843 2856 mfendiskmp - ok

16:06:33.0859 2856 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys

16:06:33.0875 2856 mferkdet - ok

16:06:33.0906 2856 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

16:06:33.0921 2856 mferkdk - ok

16:06:34.0000 2856 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

16:06:34.0015 2856 mfesmfk - ok

16:06:34.0062 2856 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys

16:06:34.0078 2856 mfetdi2k - ok

16:06:34.0109 2856 mfevtp (822bd7b6a2214ef6db595579b583a4d3) C:\WINDOWS\system32\mfevtps.exe

16:06:34.0125 2856 mfevtp - ok

16:06:34.0171 2856 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:06:34.0328 2856 mnmdd - ok

16:06:34.0375 2856 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

16:06:34.0546 2856 mnmsrvc - ok

16:06:34.0640 2856 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

16:06:34.0812 2856 Modem - ok

16:06:34.0859 2856 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

16:06:35.0031 2856 MODEMCSA - ok

16:06:35.0078 2856 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:06:35.0250 2856 Mouclass - ok

16:06:35.0578 2856 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:06:35.0781 2856 mouhid - ok

16:06:35.0937 2856 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:06:36.0296 2856 MountMgr - ok

16:06:36.0296 2856 mraid35x - ok

16:06:36.0453 2856 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:06:36.0687 2856 MRxDAV - ok

16:06:36.0812 2856 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:06:36.0875 2856 MRxSmb - ok

16:06:36.0921 2856 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

16:06:37.0093 2856 MSDTC - ok

16:06:37.0125 2856 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:06:37.0296 2856 Msfs - ok

16:06:37.0359 2856 MSIServer - ok

16:06:37.0406 2856 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:06:37.0578 2856 MSKSSRV - ok

16:06:37.0609 2856 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:06:37.0781 2856 MSPCLOCK - ok

16:06:37.0828 2856 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:06:38.0000 2856 MSPQM - ok

16:06:38.0078 2856 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:06:38.0250 2856 mssmbios - ok

16:06:38.0296 2856 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

16:06:38.0328 2856 Mup - ok

16:06:38.0359 2856 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

16:06:38.0531 2856 napagent - ok

16:06:38.0609 2856 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:06:38.0765 2856 NDIS - ok

16:06:38.0843 2856 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:06:38.0906 2856 NdisTapi - ok

16:06:38.0953 2856 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:06:39.0125 2856 Ndisuio - ok

16:06:39.0218 2856 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:06:39.0406 2856 NdisWan - ok

16:06:39.0484 2856 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

16:06:39.0546 2856 NDProxy - ok

16:06:39.0578 2856 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:06:39.0750 2856 NetBIOS - ok

16:06:39.0843 2856 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:06:40.0000 2856 NetBT - ok

16:06:40.0031 2856 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

16:06:40.0203 2856 NetDDE - ok

16:06:40.0203 2856 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

16:06:40.0359 2856 NetDDEdsdm - ok

16:06:40.0390 2856 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

16:06:40.0546 2856 Netlogon - ok

16:06:40.0609 2856 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

16:06:40.0781 2856 Netman - ok

16:06:40.0937 2856 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

16:06:40.0984 2856 NetTcpPortSharing - ok

16:06:41.0062 2856 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

16:06:41.0125 2856 Nla - ok

16:06:41.0203 2856 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:06:41.0359 2856 Npfs - ok

16:06:41.0421 2856 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:06:41.0609 2856 Ntfs - ok

16:06:41.0656 2856 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

16:06:41.0843 2856 NtLmSsp - ok

16:06:41.0875 2856 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

16:06:42.0062 2856 NtmsSvc - ok

16:06:42.0140 2856 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

16:06:42.0140 2856 NuidFltr - ok

16:06:42.0203 2856 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:06:42.0359 2856 Null - ok

16:06:42.0578 2856 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

16:06:42.0796 2856 nv - ok

16:06:42.0906 2856 nvgts (a0b3f3a5049931657164f0ffcf0b208e) C:\WINDOWS\system32\drivers\nvgts.sys

16:06:42.0953 2856 nvgts - ok

16:06:43.0000 2856 NVSvc (986d6666e076afd2b60acafd5b01a00f) C:\WINDOWS\system32\nvsvc32.exe

16:06:43.0062 2856 NVSvc - ok

16:06:43.0093 2856 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:06:43.0265 2856 NwlnkFlt - ok

16:06:43.0296 2856 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:06:43.0453 2856 NwlnkFwd - ok

16:06:43.0546 2856 OMCI - ok

16:06:43.0671 2856 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:06:43.0687 2856 ose - ok

16:06:43.0921 2856 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:06:44.0328 2856 osppsvc - ok

16:06:44.0421 2856 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

16:06:44.0609 2856 Parport - ok

16:06:44.0625 2856 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

16:06:44.0812 2856 PartMgr - ok

16:06:44.0843 2856 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

16:06:45.0015 2856 ParVdm - ok

16:06:45.0046 2856 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

16:06:45.0218 2856 PCI - ok

16:06:45.0281 2856 PCIDump - ok

16:06:45.0281 2856 PCIIde - ok

16:06:45.0328 2856 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

16:06:45.0484 2856 Pcmcia - ok

16:06:45.0500 2856 PDCOMP - ok

16:06:45.0515 2856 PDFRAME - ok

16:06:45.0531 2856 PDRELI - ok

16:06:45.0546 2856 PDRFRAME - ok

16:06:45.0562 2856 perc2 - ok

16:06:45.0578 2856 perc2hib - ok

16:06:45.0640 2856 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

16:06:45.0640 2856 PlugPlay - ok


16:06:58.0250 2856 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

16:06:58.0265 2856 USBAAPL ( UnsignedFile.Multi.Generic ) - warning

16:06:58.0265 2856 USBAAPL - detected UnsignedFile.Multi.Generic (1)


16:07:06.0281 2856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

16:07:07.0093 2856 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:07:07.0093 2856 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:07:07.0125 2856 Boot (0x1200) (9203258dc7e6f073f072e10972bd8fcb) \Device\Harddisk0\DR0\Partition0

16:07:07.0140 2856 \Device\Harddisk0\DR0\Partition0 - ok

16:07:07.0140 2856 ============================================================

16:07:07.0140 2856 Scan finished

16:07:07.0140 2856 ============================================================

16:07:07.0281 2728 Detected object count: 3

16:07:07.0281 2728 Actual detected object count: 3

16:07:10.0703 2728 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user

16:07:10.0703 2728 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:07:10.0718 2728 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

16:07:10.0718 2728 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:07:10.0718 2728 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:07:10.0718 2728 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Malwarebytes Report:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Rob :: ROB-FD8060DF370 [administrator]

4/4/2012 4:15:57 PM

mbam-log-2012-04-04 (16-15-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 212334

Time elapsed: 36 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

C:\Documents and Settings\Rob\Local Settings\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

C:\WINDOWS\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

(end)


Yes, I just want to be sure that entry is gone.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


The first thing to try is to reboot your computer. This step alone should fix the vast majority of issues with no Internet connection after running ComboFix. If you still do not have an Internet connection after rebooting then please perform the following steps:

  1. Click on the Start button.
  2. Click on the Settings menu option.
  3. Click on the Control Panel option.
  4. When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  5. You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  6. You will now see a menu similar to the image below. Simply click on the Repair menu option.
    [Image: repair.jpg]
  7. Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.
    Alternatively, if your network icon also appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair as shown below.
    [Image: tray-repair.jpg]


Don't you have access to another PC?

I need ComboFix log file and the following too:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


I burned it to a disc and got the combo fix on this computer now. Here it is:


ComboFix 12-04-06.03 - Rob 04/06/2012 13:42:06.2.1 - x86

Running from: c:\documents and settings\Rob\My Documents\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))

.

.

2012-04-04 21:10 . 2012-04-04 21:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-04 16:10 . 2012-04-04 22:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-04 02:58 . 2012-04-04 03:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-02 18:47 . 2012-04-06 17:48 -------- d-sh--w- c:\documents and settings\Rob\Local Settings\Application Data\bda677a3

2012-03-29 18:01 . 2012-03-29 18:01 89088 ----a-w- c:\windows\system32\gpupghts.dll

2012-03-27 15:15 . 2012-03-27 15:15 -------- d-----w- c:\program files\iPod

2012-03-27 15:15 . 2012-03-27 15:19 -------- d-----w- c:\program files\iTunes

2012-03-27 15:08 . 2012-03-27 15:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2012-03-20 02:05 . 2012-03-20 02:05 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-20 02:05 . 2012-03-20 02:05 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-15 18:44 . 2012-03-15 18:44 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\TicketNetwork.com

2012-03-15 18:40 . 2012-03-30 19:48 -------- d-----w- c:\documents and settings\Rob\Application Data\Ticketnetwork

2012-03-15 18:39 . 2012-03-20 15:17 -------- d-----w- c:\program files\TicketNetwork

2012-03-10 03:07 . 2012-03-10 03:07 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-03-10 03:06 . 2012-03-10 03:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-03-09 23:18 . 2012-03-10 03:20 -------- d-----w- c:\program files\Starfield

2012-03-09 19:52 . 2012-03-16 21:36 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\LogMeIn Rescue Applet

2012-03-09 18:15 . 2012-03-10 02:37 -------- d-----w- c:\program files\RingCentral

2012-03-09 18:14 . 2012-03-10 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\RingCentral

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 03:56 . 2011-06-10 21:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-17 09:51 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2010-06-04 04:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-20 02:05 . 2011-05-08 18:08 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 19:01 . 2011-01-13 19:02 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-06_17.59.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-06 18:34 . 2012-04-06 18:34 16384 c:\windows\Temp\Perflib_Perfdata_664.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="E" [X]

"nwiz"="E" [X]

"NvMediaCenter"="E" [X]

"SigmatelSysTrayApp"="E" [X]

"AppleSyncNotifier"="E" [X]

"mcui_exe"="E" [X]

"HP Software Update"="E" [X]

"APSDaemon"="E" [X]

"SunJavaUpdateSched"="E" [X]

"QuickTime Task"="E -ATBOOTTIME" [X]

"Adobe ARM"="E" [X]

"BCSSync"="E" [X]

"iTunesHelper"="E" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/13/2011 2:02 PM 84200]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/4/2010 5:24 PM 203280]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2011 2:02 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2011 2:02 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/13/2011 2:02 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/13/2011 2:02 PM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/13/2011 2:02 PM 56064]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/13/2011 2:02 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/13/2011 2:02 PM 88736]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 9:58 PM 253600]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/4/2010 7:21 PM 20464]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/4/2012 4:10 PM 40776]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/13/2011 2:02 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/13/2011 2:02 PM 84488]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/4/2010 7:21 PM 652360]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vpcbus

stac97

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:56]

.

2012-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]

.

2012-04-06 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-04-06 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-04-05 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-04-05 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\yvhtyykl.default\

FF - user.js: general.useragent.extra.brc -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-06 13:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-04-06 13:58:36

ComboFix-quarantined-files.txt 2012-04-06 18:58

ComboFix2.txt 2012-04-06 18:11

.

Pre-Run: 38,995,030,016 bytes free

Post-Run: 38,995,091,456 bytes free

.

- - End Of File - - E2DF23BCF6C69566C1DAF64748409DC5


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=108200

Collect::[8]
c:\windows\system32\gpupghts.dll

Folder::
c:\documents and settings\Rob\Local Settings\Application Data\bda677a3

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


I ran the report and it wanted to connect to the internet to submit malware files for further inspection but obviously can't do that. It saved the file so whenever it's back up I can submit it. Here is the report:

ComboFix 12-04-06.03 - Rob 04/09/2012 10:02:56.3.1 - x86

Running from: c:\documents and settings\Rob\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Rob\My Documents\Downloads\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

.

file zipped: c:\windows\system32\gpupghts.dll

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Rob\Local Settings\Application Data\bda677a3

c:\documents and settings\Rob\Local Settings\Application Data\bda677a3\@

c:\windows\system32\gpupghts.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))

.

.

2012-04-04 16:10 . 2012-04-04 22:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-04 02:58 . 2012-04-04 03:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-27 15:15 . 2012-03-27 15:15 -------- d-----w- c:\program files\iPod

2012-03-27 15:15 . 2012-03-27 15:19 -------- d-----w- c:\program files\iTunes

2012-03-27 15:08 . 2012-03-27 15:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2012-03-20 02:05 . 2012-03-20 02:05 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-20 02:05 . 2012-03-20 02:05 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-15 18:44 . 2012-03-15 18:44 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\TicketNetwork.com

2012-03-15 18:40 . 2012-03-30 19:48 -------- d-----w- c:\documents and settings\Rob\Application Data\Ticketnetwork

2012-03-15 18:39 . 2012-03-20 15:17 -------- d-----w- c:\program files\TicketNetwork

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 03:56 . 2011-06-10 21:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-17 09:51 3072 ------w- c:\windows\system32\iacenc.dll

2012-03-20 02:05 . 2011-05-08 18:08 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 19:01 . 2011-01-13 19:02 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

Cryptography Services Error !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="E" [X]

"nwiz"="E" [X]

"NvMediaCenter"="E" [X]

"SigmatelSysTrayApp"="E" [X]

"AppleSyncNotifier"="E" [X]

"mcui_exe"="E" [X]

"HP Software Update"="E" [X]

"APSDaemon"="E" [X]

"SunJavaUpdateSched"="E" [X]

"QuickTime Task"="E -ATBOOTTIME" [X]

"Adobe ARM"="E" [X]

"BCSSync"="E" [X]

"iTunesHelper"="E" [X]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

R0 cerc6;cerc6; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 253600]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-04-14 84200]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]

S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vpcbus

stac97

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:56]

.

2012-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]

.

2012-04-08 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-04-09 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-04-08 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

2012-04-08 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 02:12]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\yvhtyykl.default\

FF - user.js: general.useragent.extra.brc -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-09 10:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeavfk01]

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(276)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\webcheck.dll

c:\docume~1\Rob\LOCALS~1\Temp\catchme.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2012-04-09 10:22:22 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-09 15:21

ComboFix2.txt 2012-04-06 18:58

ComboFix3.txt 2012-04-06 18:11

.

Pre-Run: 38,954,786,816 bytes free

Post-Run: 38,952,919,040 bytes free

.

- - End Of File - - 30B730EEDF53237B73FF4D3FF8DC9B26


I need this log file:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
