
automatic updates won't turn on - virus (?) is not letting me run


This topic is locked

#1
IndyBlue
Member, 138 posts

Dear GTG,

I have Windows XP. A few days ago, Avira caught a virus and I deleted it (TR/Crypt.XPACK.Gen8, I think). Since then, the Automatic Updates icon on my desktop shows as "off" and I can't correct it. When I go to the Control Panel, it shows as "on". I ran Malwarebytes, and it caught something (PUP something), and I deleted it. I ran Malwarebytes again, and it showed my computer as clean. (The Automatic Updates problem is still with me.) I ran Vipre for the [bleep] of it, and then my whole system crashed and I got the Blue Screen of Death.

I'm not sure what to do. I downloaded OTL and ran it, and then it froze. I tried again and got a log.

Could you please help me? Btw, I don't know anything about computer languages or programming, so my knowledge of computers is very unsophisticated. I apologize in advance if I don't understand something. GTG has helped me a number of times, though, and everyone here has been unbelievably generous--and effective--with their time, and so I thank you in advance as well!

Sincerely,

Indy

P.S. An additional question, if I may: my computer often starts 'revving' like crazy when I'm using it. It's just really loud. I turn it off and start it up again, and it remains quiet--but only sometimes. Is there anything I can do to stop this noise? It's revving like mad right now--and it always makes me nervous because it sounds like the computer is going to overheat or something. This has been going on forever. Thanks!

#2
maliprog
Trusted Helper, Malware Removal, 6,172 posts

Hello IndyBlue and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download Microsoft FixIt from Here and run it in order to fix Windows Updates.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.
  • Click Continue, then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double-click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post aswMBR.txt in your next reply.
  • Also, ZIP the MBR.dat it creates and attach it to your next reply.
Step 4

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 5

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • GMER log
It would be helpful if you could post each log in a separate post.
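As an added example (not part of the helper's post, and not TDSSKiller's own code), here is a small Python reader for the report that Step 2 produces. It picks out the driver/service entries, the "( Verdict ) - warning" lines and the "Suspicious service (NoAccess)" notes, and separates unsigned-file warnings, which are common for vendor drivers on XP, from a locked service the scanner is denied access to, which is typical of a rootkit protecting its own driver. The sample log lines, names, hashes and paths are constructed to match the report's layout, not copied from any real machine.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample laid out like a TDSSKiller 2.7.x report: time, worker id,
# message. Names, hashes and paths are made up for this example; the two verdict
# strings are the ones such a report uses for an unsigned file and a locked service.
SAMPLE_LOG = r"""
12:45:41.0578 0176 Scan started
12:45:41.0578 0176 Mode: Manual; SigCheck; TDLFS;
12:45:43.0015 0176 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:45:43.0156 0176 ACPI - ok
12:45:51.0093 0176 oemdrv (00000000000000000000000000000002) C:\WINDOWS\System32\Drivers\oemdrv.sys
12:45:51.0093 0176 oemdrv ( UnsignedFile.Multi.Generic ) - warning
12:45:51.0093 0176 oemdrv - detected UnsignedFile.Multi.Generic (1)
12:45:51.0578 0176 Suspicious service (NoAccess): 0123456789abcdef
12:45:51.0718 0176 0123456789abcdef (00000000000000000000000000000003) C:\WINDOWS\System32\Drivers\0123456789abcdef.sys
12:45:51.0718 0176 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\0123456789abcdef.sys. md5: 00000000000000000000000000000003
12:45:51.0765 0176 0123456789abcdef ( LockedService.Multi.Generic ) - warning
12:45:51.0765 0176 0123456789abcdef - detected LockedService.Multi.Generic (1)
"""

# "HH:MM:SS.mmmm <worker id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(.*)$")
# "<name> (<md5>) <path>"  -- the entry line for a driver or service
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <Verdict> ) - warning"
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[\w.]+) \) - warning$")
# "Suspicious service (NoAccess): <name>" / "Suspicious file (NoAccess): <path>. md5: <md5>"
SUSP_RE = re.compile(
    r"^Suspicious (?P<kind>service|file) \((?P<reason>\w+)\): (?P<target>.+?)"
    r"(?:\. md5: (?P<md5>[0-9a-f]{32}))?$"
)


@dataclass
class Finding:
    name: str
    verdict: str
    severity: str
    md5: Optional[str] = None
    path: Optional[str] = None
    locked_reason: Optional[str] = None


def triage(verdict: str) -> str:
    """Map a TDSSKiller verdict family to a review priority.

    UnsignedFile.*: the file merely lacks an Authenticode signature, which is
    normal for many OEM/vendor drivers on XP, so it only needs a look.
    LockedService.*: the scanner could not open the service (NoAccess); hiding
    a service that way is typical of a rootkit guarding its own driver.
    """
    if verdict.startswith("LockedService."):
        return "high"
    if verdict.startswith("UnsignedFile."):
        return "review"
    return "unknown"


def parse_report(text: str) -> List[Finding]:
    """Return one Finding per '( Verdict ) - warning' line, joined to its entry."""
    files: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path) from entry lines
    locked: Dict[str, str] = {}              # name -> reason from "Suspicious service" lines
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group(3)
        if msg.endswith(" - ok"):            # clean entry, nothing to record
            continue
        e = ENTRY_RE.match(msg)
        if e:
            files[e["name"]] = (e["md5"], e["path"])
            continue
        s = SUSP_RE.match(msg)
        if s:
            if s["kind"] == "service":
                locked[s["target"]] = s["reason"]
            continue
        v = VERDICT_RE.match(msg)
        if v:
            md5, path = files.get(v["name"], (None, None))
            findings.append(Finding(v["name"], v["verdict"], triage(v["verdict"]),
                                    md5, path, locked.get(v["name"])))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per priority, e.g. {'review': 1, 'high': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in parse_report(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.name}: {f.verdict} locked={f.locked_reason} {f.path}")
    print(summarize(parse_report(SAMPLE_LOG)))
```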

#3
IndyBlue
Topic Starter, Member, 138 posts

Dear Maliprog,

Thank you so much for your response!! I am following your instructions to the letter, and will post each log in its own reply (per your request). Here's what I've done so far:

1) Ran Microsoft Fixit. When it was done, it said that there was one problem it could not fix.

2) Ran TDSSKiller, and there were 11 suspicious objects, which I skipped per your instructions. Here is the log:

12:46:27.0843 0176 ParVdm - ok
12:46:28.0000 0176 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:46:28.0125 0176 PCI - ok
12:46:28.0250 0176 PCIDump - ok
12:46:28.0343 0176 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:46:28.0468 0176 PCIIde - ok
12:46:28.0625 0176 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:46:28.0750 0176 Pcmcia - ok
12:46:28.0875 0176 PDCOMP - ok
12:46:28.0921 0176 PDFRAME - ok
12:46:28.0984 0176 PDRELI - ok
12:46:29.0046 0176 PDRFRAME - ok
12:46:29.0187 0176 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:46:29.0312 0176 perc2 - ok
12:46:29.0468 0176 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:46:29.0593 0176 perc2hib - ok
12:46:29.0734 0176 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:46:29.0750 0176 PlugPlay - ok
12:46:29.0875 0176 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
12:46:29.0875 0176 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:46:29.0875 0176 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:46:30.0000 0176 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:46:30.0109 0176 PolicyAgent - ok
12:46:30.0265 0176 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:46:30.0390 0176 PptpMiniport - ok
12:46:30.0500 0176 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:46:30.0625 0176 ProtectedStorage - ok
12:46:30.0781 0176 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:46:30.0906 0176 PSched - ok
12:46:31.0062 0176 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:46:31.0187 0176 Ptilink - ok
12:46:31.0343 0176 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:46:31.0359 0176 PxHelp20 - ok
12:46:31.0531 0176 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:46:31.0656 0176 ql1080 - ok
12:46:31.0828 0176 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:46:31.0953 0176 Ql10wnt - ok
12:46:32.0109 0176 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:46:32.0234 0176 ql12160 - ok
12:46:32.0390 0176 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:46:32.0515 0176 ql1240 - ok
12:46:32.0687 0176 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:46:32.0812 0176 ql1280 - ok
12:46:32.0953 0176 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:46:33.0078 0176 RasAcd - ok
12:46:33.0203 0176 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:46:33.0328 0176 RasAuto - ok
12:46:33.0500 0176 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:46:33.0609 0176 Rasl2tp - ok
12:46:33.0734 0176 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:46:33.0859 0176 RasMan - ok
12:46:34.0015 0176 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:46:34.0125 0176 RasPppoe - ok
12:46:34.0265 0176 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:46:34.0390 0176 Raspti - ok
12:46:34.0546 0176 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:46:34.0656 0176 Rdbss - ok
12:46:34.0812 0176 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:46:34.0937 0176 RDPCDD - ok
12:46:35.0093 0176 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:46:35.0203 0176 rdpdr - ok
12:46:35.0359 0176 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:46:35.0390 0176 RDPWD - ok
12:46:35.0500 0176 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:46:35.0625 0176 RDSessMgr - ok
12:46:35.0781 0176 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:46:35.0906 0176 redbook - ok
12:46:36.0015 0176 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:46:36.0140 0176 RemoteAccess - ok
12:46:36.0265 0176 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:46:36.0390 0176 RemoteRegistry - ok
12:46:36.0531 0176 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
12:46:36.0562 0176 RimUsb - ok
12:46:36.0718 0176 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
12:46:36.0734 0176 RimVSerPort - ok
12:46:36.0890 0176 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
12:46:37.0015 0176 ROOTMODEM - ok
12:46:37.0125 0176 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:46:37.0250 0176 RpcLocator - ok
12:46:37.0375 0176 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:46:37.0406 0176 RpcSs - ok
12:46:37.0515 0176 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:46:37.0640 0176 RSVP - ok
12:46:37.0796 0176 RumorServer (bcde45e9d2c96054e5beacc412e385e1) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
12:46:37.0812 0176 RumorServer - ok
12:46:37.0921 0176 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:46:38.0031 0176 SamSs - ok
12:46:38.0171 0176 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:46:38.0187 0176 SASDIFSV - ok
12:46:38.0296 0176 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:46:38.0312 0176 SASKUTIL - ok
12:46:38.0515 0176 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
12:46:38.0531 0176 SBRE - ok
12:46:38.0640 0176 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:46:38.0765 0176 SCardSvr - ok
12:46:38.0890 0176 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:46:39.0031 0176 Schedule - ok
12:46:39.0171 0176 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:46:39.0234 0176 Secdrv - ok
12:46:39.0359 0176 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:46:39.0484 0176 seclogon - ok
12:46:39.0609 0176 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:46:39.0718 0176 SENS - ok
12:46:39.0859 0176 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:46:39.0984 0176 serenum - ok
12:46:40.0125 0176 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:46:40.0250 0176 Serial - ok
12:46:40.0421 0176 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:46:40.0546 0176 Sfloppy - ok
12:46:40.0671 0176 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:46:40.0812 0176 SharedAccess - ok
12:46:40.0937 0176 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:46:40.0968 0176 ShellHWDetection - ok
12:46:41.0078 0176 Simbad - ok
12:46:41.0218 0176 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:46:41.0328 0176 sisagp - ok
12:46:41.0515 0176 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
12:46:41.0562 0176 smwdm - ok
12:46:41.0750 0176 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:46:41.0812 0176 Sparrow - ok
12:46:41.0953 0176 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:46:42.0078 0176 splitter - ok
12:46:42.0187 0176 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:46:42.0203 0176 Spooler - ok
12:46:42.0343 0176 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:46:42.0406 0176 sr - ok
12:46:42.0531 0176 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:46:42.0593 0176 srservice - ok
12:46:42.0750 0176 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:46:42.0781 0176 Srv - ok
12:46:42.0890 0176 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:46:42.0953 0176 SSDPSRV - ok
12:46:43.0140 0176 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:46:43.0156 0176 ssmdrv - ok
12:46:43.0265 0176 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:46:43.0406 0176 stisvc - ok
12:46:43.0578 0176 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:46:43.0687 0176 swenum - ok
12:46:43.0843 0176 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:46:43.0968 0176 swmidi - ok
12:46:44.0046 0176 SwPrv - ok
12:46:44.0218 0176 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:46:44.0343 0176 symc810 - ok
12:46:44.0500 0176 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:46:44.0625 0176 symc8xx - ok
12:46:44.0687 0176 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:46:44.0812 0176 sym_hi - ok
12:46:44.0968 0176 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:46:45.0093 0176 sym_u3 - ok
12:46:45.0234 0176 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:46:45.0359 0176 sysaudio - ok
12:46:45.0468 0176 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:46:45.0593 0176 SysmonLog - ok
12:46:45.0718 0176 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:46:45.0843 0176 TapiSrv - ok
12:46:45.0984 0176 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:46:46.0015 0176 Tcpip - ok
12:46:46.0187 0176 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:46:46.0296 0176 TDPIPE - ok
12:46:46.0468 0176 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:46:46.0593 0176 TDTCP - ok
12:46:46.0750 0176 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:46:46.0859 0176 TermDD - ok
12:46:47.0000 0176 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:46:47.0140 0176 TermService - ok
12:46:47.0250 0176 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:46:47.0281 0176 Themes - ok
12:46:47.0375 0176 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:46:47.0437 0176 TlntSvr - ok
12:46:47.0609 0176 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:46:47.0718 0176 TosIde - ok
12:46:47.0843 0176 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:46:47.0984 0176 TrkWks - ok
12:46:48.0140 0176 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:46:48.0265 0176 Udfs - ok
12:46:48.0453 0176 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:46:48.0515 0176 ultra - ok
12:46:48.0671 0176 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:46:48.0796 0176 Update - ok
12:46:48.0859 0176 Updater Service for StartNow Toolbar - ok
12:46:48.0968 0176 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:46:49.0046 0176 upnphost - ok
12:46:49.0156 0176 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:46:49.0281 0176 UPS - ok
12:46:49.0453 0176 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:46:49.0562 0176 usbccgp - ok
12:46:49.0718 0176 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:46:49.0843 0176 usbehci - ok
12:46:50.0000 0176 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:46:50.0125 0176 usbhub - ok
12:46:50.0281 0176 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:46:50.0406 0176 usbprint - ok
12:46:50.0546 0176 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:46:50.0671 0176 usbscan - ok
12:46:50.0843 0176 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:46:50.0953 0176 USBSTOR - ok
12:46:51.0093 0176 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:46:51.0218 0176 usbuhci - ok
12:46:51.0375 0176 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:46:51.0500 0176 VgaSave - ok
12:46:51.0656 0176 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:46:51.0765 0176 viaagp - ok
12:46:51.0937 0176 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:46:52.0062 0176 ViaIde - ok
12:46:52.0140 0176 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:46:52.0265 0176 VolSnap - ok
12:46:52.0390 0176 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
12:46:52.0421 0176 vsdatant - ok
12:46:52.0562 0176 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:46:52.0656 0176 VSS - ok
12:46:52.0781 0176 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:46:52.0906 0176 w32time - ok
12:46:53.0062 0176 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:46:53.0187 0176 Wanarp - ok
12:46:53.0343 0176 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:46:53.0375 0176 Wdf01000 - ok
12:46:53.0500 0176 WDICA - ok
12:46:53.0578 0176 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:46:53.0703 0176 wdmaud - ok
12:46:53.0812 0176 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:46:53.0937 0176 WebClient - ok
12:46:54.0109 0176 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:46:54.0234 0176 winmgmt - ok
12:46:54.0375 0176 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
12:46:54.0468 0176 WinRM - ok
12:46:54.0609 0176 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:46:54.0625 0176 WmdmPmSN - ok
12:46:54.0765 0176 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:46:54.0843 0176 Wmi - ok
12:46:55.0000 0176 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:46:55.0125 0176 WmiApSrv - ok
12:46:55.0265 0176 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:46:55.0328 0176 WMPNetworkSvc - ok
12:46:55.0546 0176 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:46:55.0640 0176 WPFFontCache_v0400 - ok
12:46:55.0765 0176 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:46:55.0890 0176 wscsvc - ok
12:46:55.0968 0176 WSearch - ok
12:46:56.0093 0176 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:46:56.0234 0176 wuauserv - ok
12:46:56.0375 0176 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:46:56.0390 0176 WudfPf - ok
12:46:56.0562 0176 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:46:56.0578 0176 WudfRd - ok
12:46:56.0718 0176 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:46:56.0750 0176 WudfSvc - ok
12:46:56.0875 0176 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:46:57.0015 0176 WZCSVC - ok
12:46:57.0140 0176 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:46:57.0265 0176 xmlprov - ok
12:46:57.0328 0176 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:46:57.0562 0176 \Device\Harddisk0\DR0 - ok
12:46:57.0562 0176 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
12:46:57.0687 0176 \Device\Harddisk1\DR3 - ok
12:46:57.0687 0176 Boot (0x1200) (eebc55c7a3da0fafb3587db7138968b9) \Device\Harddisk0\DR0\Partition0
12:46:57.0687 0176 \Device\Harddisk0\DR0\Partition0 - ok
12:46:57.0703 0176 Boot (0x1200) (2d1b1a2512a15200c7911a9fa36c5483) \Device\Harddisk1\DR3\Partition0
12:46:57.0703 0176 \Device\Harddisk1\DR3\Partition0 - ok
12:46:57.0703 0176 ============================================================
12:46:57.0703 0176 Scan finished
12:46:57.0703 0176 ============================================================
12:46:57.0812 4060 Detected object count: 11
12:46:57.0812 4060 Actual detected object count: 11
12:48:23.0765 4060 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0765 4060 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:23.0765 4060 BAsfIpM ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0765 4060 BAsfIpM ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:23.0765 4060 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0765 4060 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:23.0765 4060 bfc4dfb51a25b463 ( LockedService.Multi.Generic ) - skipped by user
12:48:23.0765 4060 bfc4dfb51a25b463 ( LockedService.Multi.Generic ) - User select action: Skip
12:48:23.0781 4060 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0781 4060 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:23.0781 4060 Iap ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0781 4060 Iap ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:23.0781 4060 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0781 4060 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:23.0781 4060 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0781 4060 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:23.0781 4060 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0781 4060 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:23.0781 4060 omci ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0781 4060 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:48:23.0781 4060 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:48:23.0781 4060 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

More to come shortly! THANK YOU!

IndyBlue

#4
IndyBlue (Member, Topic Starter, 138 posts)
Hi again!

Here is the asw.MBR.txt:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 12:59:00
-----------------------------
12:59:00.265 OS Version: Windows 5.1.2600 Service Pack 3
12:59:00.265 Number of processors: 2 586 0x401
12:59:00.265 ComputerName: HOME UserName:
12:59:00.609 Initialze error C0000001 - driver not loaded
13:00:40.343 AVAST engine defs: 12032801
13:00:49.531 Service scanning
13:00:53.046 Service bfc4dfb51a25b463 C:\WINDOWS\System32\Drivers\bfc4dfb51a25b463.sys **HIDDEN**
13:01:16.968 Modules scanning
13:01:16.968 Disk 0 trace - called modules:
13:01:16.968
13:01:17.203 AVAST engine scan C:\WINDOWS
13:01:34.265 AVAST engine scan C:\WINDOWS\system32
13:04:21.109 AVAST engine scan C:\WINDOWS\system32\drivers
13:04:34.093 AVAST engine scan C:\Documents and Settings\Administrator
13:04:34.218 File: C:\Documents and Settings\Administrator\4ri3cpttav.exe **INFECTED** Win32:Crypt-LZG [Trj]
13:06:16.640 File: C:\Documents and Settings\Administrator\Local Settings\Temp\313.tmp **INFECTED** Win32:Crypt-LZG [Trj]
13:08:17.046 AVAST engine scan C:\Documents and Settings\All Users
13:08:55.343 Scan finished successfully
13:10:45.718 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

I apologize but I could not find the MBR.dat file. There doesn't seem to be one, unless I did something incorrectly. Could you please tell me where I would find this? I looked in C:\Documents and Settings\Administrator, and I found an NTUser.dat file that was just created, but it wouldn't let me zip it. Once again, I'm so sorry--if you could explain where to get this file, I will send it immediately.

THANKS AGAIN!! More to come shortly.

IndyBlue

#5
IndyBlue (Member, Topic Starter, 138 posts)
Hi again, Maliprog!

I tried to run the GMER program, and I'm not sure if I was successful. I downloaded it, shut off all my active virus protection (which actually has been disabled by whatever infection my computer has), and then ran the program.

The first message I got was a "load driver error" (actually, all these programs gave me that message). It said that it "cannot create a stable subkey under a volatile parent key." I clicked ok and proceeded.

I got a warning, saying "GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system?" Per your instructions, I said no, and then got a very short log, which I've pasted in here:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-28 13:33:22
Windows 5.1.2600 Service Pack 3
Running: 5vkh3co4.exe


---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\Drivers\bfc4dfb51a25b463.sys (*** hidden *** ) [BOOT] bfc4dfb51a25b463 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

If I've done something incorrectly, I apologize! (I told you that I'm not very computer savvy!) Could you please explain if I need to rerun any of these programs and/or if there's anything else I need to do?

Many thanks once more for your patience and generosity with your time!!

Sincerely,

IndyBlue
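A log-triage helper, added here as an example and not part of the original thread or of TDSSKiller, aswMBR or GMER themselves: it parses the line shapes of the three logs posted above, normalises each scanner's verdict, and ranks the reported objects so that the hidden service all three tools agree on sorts above the informational unsigned-driver warnings. The sample logs embedded in it are constructed from the posted lines; the `Finding` class, the regexes and the priority table are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical triage helper written for this thread, not part of TDSSKiller, aswMBR
# or GMER. The three sample logs are constructed from lines in the posts above.
TDSSKILLER_LOG = r"""
12:46:22.0187 0176 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
12:46:22.0187 0176 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:46:22.0187 0176 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:46:22.0468 0176 NetBIOS - ok
12:48:23.0765 4060 bfc4dfb51a25b463 ( LockedService.Multi.Generic ) - skipped by user
12:48:23.0765 4060 bfc4dfb51a25b463 ( LockedService.Multi.Generic ) - User select action: Skip
"""
ASWMBR_LOG = r"""
13:00:53.046 Service bfc4dfb51a25b463 C:\WINDOWS\System32\Drivers\bfc4dfb51a25b463.sys **HIDDEN**
13:04:34.218 File: C:\Documents and Settings\Administrator\4ri3cpttav.exe **INFECTED** Win32:Crypt-LZG [Trj]
13:06:16.640 File: C:\Documents and Settings\Administrator\Local Settings\Temp\313.tmp **INFECTED** Win32:Crypt-LZG [Trj]
13:08:55.343 Scan finished successfully
"""
GMER_LOG = r"""
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\Drivers\bfc4dfb51a25b463.sys (*** hidden *** ) [BOOT] bfc4dfb51a25b463 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

# Priority per normalised finding kind (assumed scale). A hidden or locked service is
# the rootkit indicator this thread turns on; an unsigned-driver warning is a heuristic.
KIND_PRIORITY = {"hidden_service": 3, "infected_file": 3, "locked_service": 2, "unsigned_file": 1}

_TDSS_FILE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \([0-9a-f]{32}\) (?P<path>.+)$")
_TDSS_VERDICT = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<action>.+)$")
_ASW_HIDDEN = re.compile(r"^\S+ Service (?P<name>\S+) (?P<path>.+?) \*\*HIDDEN\*\*$")
_ASW_INFECTED = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>.+)$")
_GMER_SERVICE = re.compile(
    r"^Service (?P<path>.+?) \(\*\*\* hidden \*\*\* \) \[\w+\] (?P<name>\S+)(?P<rk> <-- ROOTKIT !!!)?$")


@dataclass(frozen=True)
class Finding:
    tool: str    # scanner that reported it
    kind: str    # key into KIND_PRIORITY
    name: str    # service name, or file basename for file hits
    path: str    # on-disk path when the log gives one, else ""
    detail: str  # the scanner's own verdict text


def parse_tdsskiller(text):
    """One Finding per (object, verdict); the last logged user action wins."""
    paths, found = {}, {}
    for line in text.splitlines():
        if m := _TDSS_FILE.match(line):
            paths[m["name"]] = m["path"]   # remember the path for later verdict lines
        elif m := _TDSS_VERDICT.match(line):
            verdict = m["verdict"]
            kind = ("locked_service" if verdict.startswith("LockedService")
                    else "unsigned_file" if verdict.startswith("UnsignedFile") else "other")
            found[(m["name"], verdict)] = Finding(
                "TDSSKiller", kind, m["name"], paths.get(m["name"], ""), f"{verdict}: {m['action']}")
    return list(found.values())


def parse_aswmbr(text):
    out = []
    for line in text.splitlines():
        if m := _ASW_HIDDEN.match(line):
            out.append(Finding("aswMBR", "hidden_service", m["name"], m["path"], "HIDDEN"))
        elif m := _ASW_INFECTED.match(line):
            out.append(Finding("aswMBR", "infected_file", m["path"].rsplit("\\", 1)[-1],
                               m["path"], m["sig"]))
    return out


def parse_gmer(text):
    out = []
    for line in text.splitlines():
        if m := _GMER_SERVICE.match(line):
            detail = "hidden service" + (", flagged ROOTKIT" if m["rk"] else "")
            out.append(Finding("GMER", "hidden_service", m["name"], m["path"], detail))
    return out


def triage(findings):
    """Group findings by object name; rows (priority, name, tools, path, details), worst first.
    An object reported by more than one independent scanner is bumped one level."""
    groups = defaultdict(list)
    for f in findings:
        groups[f.name.lower()].append(f)
    rows = []
    for items in groups.values():
        tools = sorted({f.tool for f in items})
        prio = max(KIND_PRIORITY.get(f.kind, 1) for f in items) + (len(tools) > 1)
        path = next((f.path for f in items if f.path), "")
        rows.append((prio, items[0].name, tools, path, [f.detail for f in items]))
    rows.sort(key=lambda r: (-r[0], r[1].lower()))
    return rows


if __name__ == "__main__":
    found = parse_tdsskiller(TDSSKILLER_LOG) + parse_aswmbr(ASWMBR_LOG) + parse_gmer(GMER_LOG)
    for prio, name, tools, path, details in triage(found):
        print(f"[{prio}] {name:<18} {'+'.join(tools):<22} {path}  {'; '.join(details)}")
```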

#6
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi IndyBlue,

Please stop apologizing. We are in this together now :). You did everything right. Let's try to remove bad services and files from your PC.

Step 1

We need to use GMER to delete a service and remove the file:
  • Open the gmer folder and double click gmer.exe to run the program
  • On starting, GMER will run a short scan; allow it to complete, then click No if it asks you to run a full scan.
  • Click on the > > > tab to open the menus

Posted Image

  • Click on the Services tab

Posted Image

  • Scroll down until you find the following service:

    C:\WINDOWS\System32\Drivers\bfc4dfb51a25b463.sys

  • Click on the service name to highlight it, then right click and choose Delete...

Posted Image

  • Click OK at the first confirmation dialog to remove the service
  • Click OK at the second confirmation dialog to remove the file
  • Click OK to exit the program


Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\Documents and Settings\Administrator\4ri3cpttav.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\313.tmp

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Please run aswMBR scan again as you did last time and post log here for me.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • aswMBR new log
It would be helpful if you could post each log in a separate post.

#7
IndyBlue (Member, Topic Starter, 138 posts)
Dear Maliprog,

I did Step 1 exactly as you instructed but it would not let me delete C:\WINDOWS\System32\Drivers\bfc4dfb51a25b463.sys. I tried a few times, but I kept getting error messages followed by a message that said that the file had not been deleted. Since I could not complete this step, I did not go to the next step. Could you please advise?

Again, many thanks!

Sincerely,

IndyBlue

#8
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi IndyBlue,

Let's try to use another program to remove it.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::

Driver::

Rootkit::
C:\WINDOWS\System32\Drivers\bfc4dfb51a25b463.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#9
IndyBlue (Member, Topic Starter, 138 posts)
Hi, Maliprog,

I hope I did everything correctly! Here is the log:

ComboFix 12-03-30.06 - Administrator 03/30/2012 10:28:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1451 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\4ri3cpttav.exe
c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\fad.sys
c:\windows\system32\SETDA.tmp
c:\windows\winhelp.ini
E:\Autorun.inf
E:\install.exe
E:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_bfc4dfb51a25b463
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_bfc4dfb51a25b463
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-28 16:41 . 2012-03-28 16:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2012-03-26 19:18 . 2012-03-26 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-26 19:18 . 2012-03-26 19:18 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-26 17:16 . 2012-03-26 17:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-03-26 17:15 . 2012-03-26 17:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 17:15 . 2012-03-26 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-21 00:20 . 2012-03-21 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-19 02:50 . 2012-03-19 02:50 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 02:50 . 2012-03-19 02:50 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-18 22:05 . 2012-03-18 22:05 -------- d-----w- c:\program files\iPod
2012-03-18 22:05 . 2012-03-18 22:07 -------- d-----w- c:\program files\iTunes
2012-03-11 18:27 . 2012-03-11 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
2012-03-11 18:26 . 2012-03-11 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{47962A4D-850A-465D-9FBA-1EF1487F6C79}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2004-08-04 11:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-14 20:12 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-04 11:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-07-15 16:56 . 2010-07-15 16:57 101760 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-03-19 02:50 . 2011-03-24 23:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-26 273544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2011-1-20 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]
2010-09-21 08:53 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [3/26/2012 3:18 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [3/13/2011 12:56 PM 98392]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/10/2012 11:44 AM 86224]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 151552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 CFcatchme;CFcatchme;\??\c:\combofix\CFcatchme.sys --> c:\combofix\CFcatchme.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [3/18/2005 12:38 PM 291064]
S4 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [3/18/2005 12:38 PM 291064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-03-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645323773-337999594-3888003708-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-03-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645323773-337999594-3888003708-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ha564o1z.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=10168&locale=en_US&apn_uid=52FBA787-ADD9-4977-A05B-07D7A5A2DEBF&apn_ptnrs=GL&apn_sauid=B245B120-AB61-4560-AC20-BD99665E1C72&apn_dtid=YYYYYYYYUS&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-EasyDVDMon - (no file)
HKCU-Run-4ri3cpttav - c:\documents and settings\Administrator\4ri3cpttav.exe
HKLM-Run-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
MSConfigStartUp-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 10:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645323773-337999594-3888003708-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,5d,28,d3,50,67,69,43,83,de,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,5d,28,d3,50,67,69,43,83,de,b8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\basfipm.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-30 10:50:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 14:50
.
Pre-Run: 15,147,016,192 bytes free
Post-Run: 17,266,421,760 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 15A101CCEC46DC2175A4A020ED7CCC93

********************

Note: my antivirus is working again, and I am no longer getting the message that my automatic updates are turned off!! Seems like you fixed everything! :)

I had a couple of questions for you, if that's okay; however, first please tell me if there's anything else I need to do to complete this fix.

I am very, very grateful to you!

Sincerely,

IndyBlue
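The ComboFix output posted above is long, and the entries that actually matter are easy to miss among the legitimate ones. The following is an added triage example written for this thread; it is not part of ComboFix, OTL or maliprog's instructions. The sample lines are copied from the posted log, and the rules it applies (an autorun that launches an executable sitting directly in a user-profile root, an autorun name that looks machine-generated, a Security Center override, and ports opened for all sources in the firewall policy) are my own heuristics for reading such a log, not anything ComboFix flags on its own.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of ComboFix, OTL or the helper's
instructions. Sample lines are copied from the posted log; the detection
rules are my own heuristics, not anything ComboFix reports by itself.
"""
import re
from typing import Dict, List

# Constructed sample: a subset of the ComboFix output posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EasyDVDMon - (no file)
HKCU-Run-4ri3cpttav - c:\documents and settings\Administrator\4ri3cpttav.exe
HKLM-Run-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
"""

KEY_HEADER = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*"?(.*?)"?\s*(\[[^\]]*\])?\s*$')
ORPHAN_LINE = re.compile(r"^(HKCU|HKLM)-Run-(\S+) - (.+)$")
# An .exe placed directly in a user-profile root instead of a program directory.
PROFILE_ROOT_EXE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I)


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Return one {key, name, value} record per registry value or orphan line."""
    entries: List[Dict[str, str]] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_HEADER.match(line)
        if m:
            key = m.group(1)
            continue
        m = ORPHAN_LINE.match(line)
        if m:  # ComboFix lists removed Run entries under ORPHANS REMOVED
            entries.append({"key": f"{m.group(1)}\\Run (orphan)", "name": m.group(2), "value": m.group(3).strip()})
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append({"key": key, "name": m.group(1), "value": m.group(2).strip()})
    return entries


def looks_random(name: str) -> bool:
    """Heuristic: 8+ chars mixing letters and digits with few vowels (e.g. 4ri3cpttav)."""
    stem = name.split(".")[0]
    if stem.startswith("{") or len(stem) < 8:  # skip GUID-named values
        return False
    letters = [c for c in stem if c.isalpha()]
    if not any(c.isdigit() for c in stem) or not letters:
        return False
    vowels = sum(c.lower() in "aeiou" for c in letters)
    return vowels / len(stem) < 0.25


def triage(text: str) -> List[str]:
    """Apply the review rules and return human-readable findings."""
    findings: List[str] = []
    for e in parse_entries(text):
        key, name, value = e["key"], e["name"], e["value"]
        kl = key.lower()
        if "\\run" in kl:
            if PROFILE_ROOT_EXE.match(value):
                findings.append(f"autorun '{name}' launches an executable from a profile root: {value}")
            if looks_random(name):
                findings.append(f"autorun '{name}' has a machine-generated-looking name")
        elif "security center" in kl and name.lower().endswith("override"):
            if value.lower().startswith("dword:") and int(value[6:], 16) == 1:
                findings.append(f"Security Center {name}=1: the OS health warning for this component is suppressed")
        elif "globallyopenports" in kl:
            note = " (RDP)" if name.split(":")[0] == "3389" else ""
            findings.append(f"firewall port {name} open for all sources{note}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against the sample it reports exactly the items the thread goes on to deal with: the randomly named executable in the Administrator profile root (later removed by OTL and identified by the Kaspersky tool as a dropper), the AntiVirusOverride flag that explains why Security Center stayed quiet, and the two globally open firewall ports, which are worth reviewing even though neither is malware as such.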

#10 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Glad to hear that. But we are not done yet. There are still some leftovers that we need to remove. Please stick with me until the end.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\Documents and Settings\Administrator\4ri3cpttav.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\313.tmp

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please run aswMBR scan again as you did last time and post log here for me.

Step 3

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • aswMBR new log
  • VRT log
It would be helpful if you could post each log in a separate post.

#11 IndyBlue (Topic Starter, Member, 138 posts)
Hi, again!

Here is the OTL log:

All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\Documents and Settings\Administrator\4ri3cpttav.exe not found.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\313.tmp not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1430 bytes
->Temporary Internet Files folder emptied: 2334342 bytes
->Java cache emptied: 322597 bytes
->FireFox cache emptied: 154595466 bytes
->Flash cache emptied: 102402 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 327814 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1804931 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 152.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03302012_152538

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

More to come shortly!

Thanks!!

IndyBlue

#12 IndyBlue (Topic Starter, Member, 138 posts)
I am running aswMBR right now and will have that log to you very soon.

Quick question re Step 3: I was wondering if I should check off my external hard drive as well when I run the Kaspersky scan? Could you let me know? If I don't hear from you before I run the scan, then I will follow your directions exactly and just scan what you indicated in the picture. I imagine that the external hard drive can be scanned later, if necessary.

Thanks!!

IndyBlue

#13 IndyBlue (Topic Starter, Member, 138 posts)
Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 15:33:43
-----------------------------
15:33:43.578 OS Version: Windows 5.1.2600 Service Pack 3
15:33:43.578 Number of processors: 2 586 0x401
15:33:43.578 ComputerName: HOME UserName:
15:33:44.031 Initialize success
15:35:31.343 AVAST engine defs: 12033000
15:36:37.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:36:37.750 Disk 0 Vendor: ST340014AS 8.12 Size: 38146MB BusType: 3
15:36:37.781 Disk 0 MBR read successfully
15:36:37.781 Disk 0 MBR scan
15:36:37.843 Disk 0 Windows XP default MBR code
15:36:37.843 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
15:36:37.859 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38099 MB offset 64260
15:36:37.875 Disk 0 scanning sectors +78091965
15:36:37.953 Disk 0 scanning C:\WINDOWS\system32\drivers
15:36:50.906 Service scanning
15:37:20.968 Modules scanning
15:37:33.187 Disk 0 trace - called modules:
15:37:33.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:37:33.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dc3ab8]
15:37:33.203 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x89e52828]
15:37:33.484 AVAST engine scan C:\WINDOWS
15:37:51.734 AVAST engine scan C:\WINDOWS\system32
15:41:27.812 AVAST engine scan C:\WINDOWS\system32\drivers
15:41:45.687 AVAST engine scan C:\Documents and Settings\Administrator
15:44:06.437 AVAST engine scan C:\Documents and Settings\All Users
15:45:06.781 Scan finished successfully
15:49:54.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
15:49:54.562 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBRnew.txt"

I don't know if you need this, but I attached the MBR.dat file in a compressed file (per your earlier instructions).

More to come...

Thanks for all this help!!

IndyBlue

Attached Files

  • Attached File  MBR.zip   513bytes   108 downloads


#14 IndyBlue (Topic Starter, Member, 138 posts)
Hi once again, Maliprog!

I ran the VRT, and here is the detected threats log:

Status: Deleted (events: 5)
3/30/2012 5:22:52 PM Deleted Trojan program Trojan-Dropper.Win32.Agent.gmox C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\4ri3cpttav.exe.vir High
3/30/2012 5:22:55 PM Deleted Trojan program Rootkit.Win32.Agent.cxdv C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\bfc4dfb51a25b463.sys.vir High
3/30/2012 5:22:53 PM Deleted Trojan program Trojan-Dropper.Win32.Agent.gmox C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1609\A0170461.exe High
3/30/2012 5:22:57 PM Deleted Trojan program Rootkit.Win32.Agent.cxdv C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1609\A0170462.sys High
3/30/2012 9:51:00 PM Deleted Trojan program Trojan.HTML.Fraud.di E:\Old Hard Drive\Program Files\Verizon Online\SmartBridge\Updates\SmartBridge.rul High
Status: Disinfected (events: 4)
3/30/2012 5:22:24 PM Disinfected Trojan program Trojan-Dropper.Win32.Agent.gmox C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\_4ri3cpttav_.exe.zip High
3/30/2012 5:22:24 PM Disinfected Trojan program Trojan-Dropper.Win32.Agent.gmox C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\_4ri3cpttav_.exe.zip/4ri3cpttav.exe High
3/30/2012 5:22:24 PM Disinfected Trojan program Rootkit.Win32.Agent.cxdv C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_bfc4dfb51a25b463_.sys.zip High
3/30/2012 5:22:24 PM Disinfected Trojan program Rootkit.Win32.Agent.cxdv C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_bfc4dfb51a25b463_.sys.zip/bfc4dfb51a25b463.sys High

That should be it! Please let me know if there is anything else you need me to do.

A couple of questions:

1) Which free antivirus program do you think is the best? I used to use Avast and now I'm using Avira. I'm not so crazy about Avira. I would like to install the one that you think works most effectively.

2) Which malware removal program is the best? I've always used MalwareBytes; however, perhaps there is a better one? Which one would you recommend?

Thanks again for EVERYTHING. Have a good weekend!

Sincerely,

IndyBlue
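The Kaspersky report above is worth reading by location as well as by verdict: six of the nine hits are copies ComboFix had already moved into its own quarantine folder (C:\Qoobox\Quarantine), two are copies that System Restore had saved inside a restore point, and one is on the external drive (E:). Copies inside a restore point matter because a later System Restore would bring the dropper back, which is why a cleanup normally ends with the restore points being cleared (the helper's [clearallrestorepoints] OTL step later in this thread). The parser below is an added example for this thread, not part of the Kaspersky tool or of maliprog's instructions; the sample report is copied from IndyBlue's post and the location classes are my own labels.

```python
"""Parse a Kaspersky Virus Removal Tool 'Detected threats' report and group
hits by where the file lived. Added example for this thread; not part of the
Kaspersky tool or the helper's instructions. Sample report copied from the
post above; the location classes are my own labels.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Detection(NamedTuple):
    when: str
    action: str
    verdict: str
    name: str
    path: str
    severity: str


# Constructed sample: the report as posted, one event per line.
SAMPLE_REPORT = r"""
Status: Deleted (events: 5)
3/30/2012 5:22:52 PM Deleted Trojan program Trojan-Dropper.Win32.Agent.gmox C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\4ri3cpttav.exe.vir High
3/30/2012 5:22:55 PM Deleted Trojan program Rootkit.Win32.Agent.cxdv C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\bfc4dfb51a25b463.sys.vir High
3/30/2012 5:22:53 PM Deleted Trojan program Trojan-Dropper.Win32.Agent.gmox C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1609\A0170461.exe High
3/30/2012 5:22:57 PM Deleted Trojan program Rootkit.Win32.Agent.cxdv C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1609\A0170462.sys High
3/30/2012 9:51:00 PM Deleted Trojan program Trojan.HTML.Fraud.di E:\Old Hard Drive\Program Files\Verizon Online\SmartBridge\Updates\SmartBridge.rul High
Status: Disinfected (events: 4)
3/30/2012 5:22:24 PM Disinfected Trojan program Trojan-Dropper.Win32.Agent.gmox C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\_4ri3cpttav_.exe.zip High
3/30/2012 5:22:24 PM Disinfected Trojan program Trojan-Dropper.Win32.Agent.gmox C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\_4ri3cpttav_.exe.zip/4ri3cpttav.exe High
3/30/2012 5:22:24 PM Disinfected Trojan program Rootkit.Win32.Agent.cxdv C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_bfc4dfb51a25b463_.sys.zip High
3/30/2012 5:22:24 PM Disinfected Trojan program Rootkit.Win32.Agent.cxdv C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_bfc4dfb51a25b463_.sys.zip/bfc4dfb51a25b463.sys High
"""

STATUS_RE = re.compile(r"^Status: (\w+) \(events: (\d+)\)$")
# The detection name always contains a dot (family.platform.name), which keeps the
# lazy 'verdict' group from swallowing it; the path may contain spaces.
EVENT_RE = re.compile(
    r"^(\d+/\d+/\d{4} \d+:\d+:\d+ [AP]M) (Deleted|Disinfected) (.+?) (\S+\.\S+) (.+) (High|Medium|Low)$"
)


def parse_report(text: str) -> List[Detection]:
    """Return one Detection per event line; status headers and blanks are skipped."""
    return [Detection(*m.groups()) for m in (EVENT_RE.match(l.strip()) for l in text.splitlines()) if m]


def classify_location(path: str) -> str:
    """Label where the detected file lived; labels are my own, not the tool's."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix quarantine"      # already inert, moved there by ComboFix
    if "\\system volume information\\_restore" in p:
        return "system restore point"     # would come back on a System Restore
    if not p.startswith("c:\\"):
        return "other volume"             # e.g. the external drive
    return "live file system"


def summarize(detections: List[Detection]) -> Dict[str, int]:
    return dict(Counter(classify_location(d.path) for d in detections))


def restore_points_hold_malware(detections: List[Detection]) -> bool:
    """True when any hit sits inside a restore point, i.e. restore points must be cleared."""
    return any(classify_location(d.path) == "system restore point" for d in detections)


def declared_counts_match(text: str) -> bool:
    """Cross-check the 'events: N' headers against the number of lines actually parsed."""
    declared = {m.group(1): int(m.group(2)) for m in (STATUS_RE.match(l.strip()) for l in text.splitlines()) if m}
    return declared == dict(Counter(d.action for d in parse_report(text)))


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    print(summarize(hits))
    print("clear restore points:", restore_points_hold_malware(hits))
```

The cross-check in declared_counts_match is a cheap way to notice a truncated copy-paste: if a log posted to a thread lost lines in transit, the header counts will not agree with the events actually present.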

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi user,

You can leave Malwarebytes. It's a great antimalware program. I use it too.

I use Microsoft Security Essentials but here is my antivirus recommendation:


Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.