Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

computer freezes, slow Trojan:Wind31/Sirefef!cfg

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by bigmedia » September 20th, 2012, 10:45 am

pgmigg,

Here is the TDSSKiller log again. You were right. There were a lot more lines.

Also, I sent another post indicating that I think the virus is attached to my files on my zip drive. I think the computer is clean, but I'll wait to hear your assessment.

10:22:14.0972 4740 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:22:16.0984 4740 ============================================================
10:22:16.0984 4740 Current date / time: 2012/09/20 10:22:16.0984
10:22:16.0984 4740 SystemInfo:
10:22:16.0984 4740
10:22:16.0984 4740 OS Version: 6.0.6002 ServicePack: 2.0
10:22:16.0984 4740 Product type: Workstation
10:22:16.0984 4740 ComputerName: MICHAEL-PC
10:22:16.0984 4740 UserName: Michael
10:22:16.0984 4740 Windows directory: C:\Windows
10:22:16.0984 4740 System windows directory: C:\Windows
10:22:16.0984 4740 Processor architecture: Intel x86
10:22:16.0984 4740 Number of processors: 2
10:22:16.0984 4740 Page size: 0x1000
10:22:16.0984 4740 Boot type: Normal boot
10:22:16.0984 4740 ============================================================
10:22:18.0544 4740 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:22:18.0560 4740 ============================================================
10:22:18.0560 4740 \Device\Harddisk0\DR0:
10:22:18.0560 4740 MBR partitions:
10:22:18.0560 4740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
10:22:18.0560 4740 ============================================================
10:22:18.0575 4740 C: <-> \Device\Harddisk0\DR0\Partition1
10:22:18.0575 4740 ============================================================
10:22:18.0575 4740 Initialize success
10:22:18.0575 4740 ============================================================
10:22:21.0961 1120 ============================================================
10:22:21.0961 1120 Scan started
10:22:21.0961 1120 Mode: Manual;
10:22:21.0961 1120 ============================================================
10:22:22.0585 1120 ================ Scan system memory ========================
10:22:22.0585 1120 System memory - ok
10:22:32.0164 1120 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
10:22:32.0180 1120 PNRPsvc - ok
10:22:32.0211 1120 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:22:32.0211 1120 PolicyAgent - ok
10:22:32.0242 1120 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:22:32.0258 1120 PptpMiniport - ok
10:22:32.0273 1120 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
10:22:32.0273 1120 Processor - ok
10:22:32.0304 1120 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
10:22:32.0304 1120 ProfSvc - ok
10:22:32.0336 1120 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
10:22:32.0336 1120 ProtectedStorage - ok
10:22:32.0351 1120 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
10:22:32.0351 1120 PSched - ok
10:22:32.0414 1120 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:22:32.0445 1120 ql2300 - ok
10:22:32.0492 1120 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:22:32.0492 1120 ql40xx - ok
10:22:32.0523 1120 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
10:22:32.0538 1120 QWAVE - ok
10:22:32.0554 1120 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:22:32.0554 1120 QWAVEdrv - ok
10:22:32.0570 1120 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:22:32.0570 1120 RasAcd - ok
10:22:32.0585 1120 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
10:22:32.0601 1120 RasAuto - ok
10:22:32.0616 1120 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:22:32.0616 1120 Rasl2tp - ok
10:22:32.0632 1120 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
10:22:32.0648 1120 RasMan - ok
10:22:32.0663 1120 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:22:32.0663 1120 RasPppoe - ok
10:22:32.0679 1120 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:22:32.0679 1120 RasSstp - ok
10:22:32.0694 1120 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:22:32.0710 1120 rdbss - ok
10:22:32.0726 1120 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:22:32.0726 1120 RDPCDD - ok
10:22:32.0757 1120 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
10:22:32.0772 1120 rdpdr - ok
10:22:32.0772 1120 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:22:32.0772 1120 RDPENCDD - ok
10:22:32.0819 1120 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:22:32.0819 1120 RDPWD - ok
10:22:32.0882 1120 [ 3FF45B7F17D5837216ABAE652CC61540 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:22:33.0053 1120 RegSrvc - ok
10:22:33.0116 1120 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:22:33.0116 1120 RemoteAccess - ok
10:22:33.0147 1120 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:22:33.0147 1120 RemoteRegistry - ok
10:22:33.0178 1120 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
10:22:33.0178 1120 RpcLocator - ok
10:22:33.0209 1120 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
10:22:33.0225 1120 RpcSs - ok
10:22:33.0225 1120 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:22:33.0240 1120 rspndr - ok
10:22:33.0256 1120 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
10:22:33.0256 1120 SamSs - ok
10:22:33.0287 1120 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:22:33.0287 1120 sbp2port - ok
10:22:33.0303 1120 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:22:33.0318 1120 SCardSvr - ok
10:22:33.0350 1120 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
10:22:33.0365 1120 Schedule - ok
10:22:33.0396 1120 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:22:33.0412 1120 SCPolicySvc - ok
10:22:33.0428 1120 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
10:22:33.0443 1120 sdbus - ok
10:22:33.0443 1120 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:22:33.0459 1120 SDRSVC - ok
10:22:33.0474 1120 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:22:33.0474 1120 secdrv - ok
10:22:33.0490 1120 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
10:22:33.0490 1120 seclogon - ok
10:22:33.0506 1120 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
10:22:33.0506 1120 SENS - ok
10:22:33.0521 1120 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
10:22:33.0521 1120 Serenum - ok
10:22:33.0552 1120 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
10:22:33.0552 1120 Serial - ok
10:22:33.0584 1120 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:22:33.0584 1120 sermouse - ok
10:22:33.0615 1120 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
10:22:33.0615 1120 SessionEnv - ok
10:22:33.0630 1120 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:22:33.0630 1120 sffdisk - ok
10:22:33.0662 1120 [ E5EAFE85815BD89095FEF3144A09AB68 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:22:33.0662 1120 sffp_mmc - ok
10:22:33.0677 1120 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:22:33.0677 1120 sffp_sd - ok
10:22:33.0693 1120 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:22:33.0693 1120 sfloppy - ok
10:22:33.0740 1120 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:22:33.0740 1120 SharedAccess - ok
10:22:33.0786 1120 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:22:33.0786 1120 ShellHWDetection - ok
10:22:33.0818 1120 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:22:33.0818 1120 sisagp - ok
10:22:33.0833 1120 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:22:33.0849 1120 SiSRaid2 - ok
10:22:33.0864 1120 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:22:33.0864 1120 SiSRaid4 - ok
10:22:33.0974 1120 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
10:22:34.0052 1120 slsvc - ok
10:22:34.0083 1120 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:22:34.0098 1120 SLUINotify - ok
10:22:34.0098 1120 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:22:34.0114 1120 Smb - ok
10:22:34.0130 1120 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:22:34.0130 1120 SNMPTRAP - ok
10:22:34.0145 1120 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
10:22:34.0161 1120 spldr - ok
10:22:34.0192 1120 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
10:22:34.0192 1120 Spooler - ok
10:22:34.0223 1120 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:22:34.0239 1120 srv - ok
10:22:34.0239 1120 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:22:34.0254 1120 srv2 - ok
10:22:34.0270 1120 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:22:34.0270 1120 srvnet - ok
10:22:34.0286 1120 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:22:34.0301 1120 SSDPSRV - ok
10:22:34.0317 1120 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:22:34.0332 1120 SstpSvc - ok
10:22:34.0364 1120 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
10:22:34.0379 1120 stisvc - ok
10:22:34.0410 1120 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:22:34.0410 1120 swenum - ok
10:22:34.0442 1120 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
10:22:34.0442 1120 swprv - ok
10:22:34.0473 1120 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:22:34.0473 1120 Symc8xx - ok
10:22:34.0488 1120 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:22:34.0488 1120 Sym_hi - ok
10:22:34.0520 1120 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:22:34.0520 1120 Sym_u3 - ok
10:22:34.0551 1120 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
10:22:34.0551 1120 SysMain - ok
10:22:34.0582 1120 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:22:34.0582 1120 TabletInputService - ok
10:22:34.0613 1120 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:22:34.0613 1120 TapiSrv - ok
10:22:34.0629 1120 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
10:22:34.0629 1120 TBS - ok
10:22:34.0691 1120 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:22:34.0722 1120 Tcpip - ok
10:22:34.0738 1120 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:22:34.0754 1120 Tcpip6 - ok
10:22:34.0785 1120 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:22:34.0785 1120 tcpipreg - ok
10:22:34.0832 1120 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:22:34.0832 1120 TDPIPE - ok
10:22:34.0847 1120 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:22:34.0847 1120 TDTCP - ok
10:22:34.0878 1120 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:22:34.0894 1120 tdx - ok
10:22:34.0910 1120 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:22:34.0910 1120 TermDD - ok
10:22:34.0925 1120 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
10:22:34.0941 1120 TermService - ok
10:22:34.0956 1120 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
10:22:34.0972 1120 Themes - ok
10:22:34.0988 1120 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
10:22:34.0988 1120 THREADORDER - ok
10:22:35.0003 1120 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
10:22:35.0003 1120 TrkWks - ok
10:22:35.0050 1120 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:22:35.0050 1120 TrustedInstaller - ok
10:22:35.0097 1120 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:22:35.0097 1120 tssecsrv - ok
10:22:35.0112 1120 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:22:35.0112 1120 tunmp - ok
10:22:35.0159 1120 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:22:35.0159 1120 tunnel - ok
10:22:35.0190 1120 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:22:35.0190 1120 uagp35 - ok
10:22:35.0222 1120 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:22:35.0222 1120 udfs - ok
10:22:35.0284 1120 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:22:35.0284 1120 UI0Detect - ok
10:22:35.0300 1120 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:22:35.0315 1120 uliagpkx - ok
10:22:35.0331 1120 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:22:35.0331 1120 uliahci - ok
10:22:35.0362 1120 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:22:35.0362 1120 UlSata - ok
10:22:35.0393 1120 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:22:35.0409 1120 ulsata2 - ok
10:22:35.0424 1120 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:22:35.0424 1120 umbus - ok
10:22:35.0440 1120 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
10:22:35.0456 1120 upnphost - ok
10:22:35.0487 1120 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
10:22:35.0502 1120 USBAAPL - ok
10:22:35.0534 1120 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:22:35.0534 1120 usbccgp - ok
10:22:35.0565 1120 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:22:35.0565 1120 usbcir - ok
10:22:35.0596 1120 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:22:35.0612 1120 usbehci - ok
10:22:35.0612 1120 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:22:35.0627 1120 usbhub - ok
10:22:35.0643 1120 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:22:35.0643 1120 usbohci - ok
10:22:35.0674 1120 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:22:35.0674 1120 usbprint - ok
10:22:35.0705 1120 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:22:35.0705 1120 usbscan - ok
10:22:35.0736 1120 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:22:35.0736 1120 USBSTOR - ok
10:22:35.0752 1120 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:22:35.0752 1120 usbuhci - ok
10:22:35.0799 1120 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:22:35.0799 1120 usbvideo - ok
10:22:35.0830 1120 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
10:22:35.0830 1120 UxSms - ok
10:22:35.0861 1120 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
10:22:35.0861 1120 vds - ok
10:22:35.0908 1120 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:22:35.0908 1120 vga - ok
10:22:35.0924 1120 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
10:22:35.0924 1120 VgaSave - ok
10:22:35.0955 1120 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:22:35.0955 1120 viaagp - ok
10:22:35.0970 1120 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
10:22:35.0970 1120 ViaC7 - ok
10:22:36.0002 1120 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
10:22:36.0002 1120 viaide - ok
10:22:36.0017 1120 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:22:36.0017 1120 volmgr - ok
10:22:36.0048 1120 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:22:36.0048 1120 volmgrx - ok
10:22:36.0080 1120 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:22:36.0095 1120 volsnap - ok
10:22:36.0126 1120 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:22:36.0126 1120 vsmraid - ok
10:22:36.0189 1120 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
10:22:36.0220 1120 VSS - ok
10:22:36.0236 1120 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
10:22:36.0251 1120 W32Time - ok
10:22:36.0267 1120 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:22:36.0282 1120 WacomPen - ok
10:22:36.0298 1120 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:22:36.0298 1120 Wanarp - ok
10:22:36.0298 1120 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:22:36.0314 1120 Wanarpv6 - ok
10:22:36.0329 1120 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:22:36.0345 1120 wcncsvc - ok
10:22:36.0376 1120 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:22:36.0376 1120 WcsPlugInService - ok
10:22:36.0407 1120 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
10:22:36.0407 1120 Wd - ok
10:22:36.0438 1120 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:22:36.0454 1120 Wdf01000 - ok
10:22:36.0501 1120 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:22:36.0501 1120 WdiServiceHost - ok
10:22:36.0501 1120 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:22:36.0516 1120 WdiSystemHost - ok
10:22:36.0532 1120 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
10:22:36.0532 1120 WebClient - ok
10:22:36.0579 1120 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:22:36.0579 1120 Wecsvc - ok
10:22:36.0594 1120 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:22:36.0594 1120 wercplsupport - ok
10:22:36.0626 1120 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
10:22:36.0626 1120 WerSvc - ok
10:22:36.0672 1120 [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:22:36.0688 1120 winachsf - ok
10:22:36.0735 1120 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:22:36.0735 1120 WinDefend - ok
10:22:36.0750 1120 WinHttpAutoProxySvc - ok
10:22:36.0797 1120 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:22:36.0797 1120 Winmgmt - ok
10:22:36.0860 1120 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
10:22:36.0891 1120 WinRM - ok
10:22:36.0938 1120 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:22:36.0938 1120 Wlansvc - ok
10:22:36.0984 1120 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:22:36.0984 1120 WmiAcpi - ok
10:22:37.0000 1120 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:22:37.0016 1120 wmiApSrv - ok
10:22:37.0062 1120 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:22:37.0094 1120 WMPNetworkSvc - ok
10:22:37.0125 1120 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:22:37.0125 1120 WPCSvc - ok
10:22:37.0156 1120 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:22:37.0172 1120 WPDBusEnum - ok
10:22:37.0218 1120 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
10:22:37.0218 1120 WpdUsb - ok
10:22:37.0343 1120 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:22:37.0359 1120 WPFFontCache_v0400 - ok
10:22:37.0390 1120 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:22:37.0390 1120 ws2ifsl - ok
10:22:37.0406 1120 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
10:22:37.0421 1120 wscsvc - ok
10:22:37.0421 1120 WSearch - ok
10:22:37.0530 1120 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
10:22:37.0577 1120 wuauserv - ok
10:22:37.0593 1120 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:22:37.0608 1120 WUDFRd - ok
10:22:37.0640 1120 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:22:37.0640 1120 wudfsvc - ok
10:22:37.0686 1120 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
10:22:37.0686 1120 XAudio - ok
10:22:37.0702 1120 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
10:22:37.0718 1120 XAudioService - ok
10:22:37.0733 1120 ================ Scan global ===============================
10:22:37.0749 1120 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:22:37.0796 1120 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:22:37.0842 1120 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:22:37.0874 1120 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
10:22:37.0889 1120 [Global] - ok
10:22:37.0889 1120 ================ Scan MBR ==================================
10:22:37.0905 1120 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:22:38.0591 1120 \Device\Harddisk0\DR0 - ok
10:22:38.0607 1120 ================ Scan VBR ==================================
10:22:38.0607 1120 [ 14266FDB682A27BDD82F68FDCEE723DD ] \Device\Harddisk0\DR0\Partition1
10:22:38.0607 1120 \Device\Harddisk0\DR0\Partition1 - ok
10:22:38.0607 1120 ============================================================
10:22:38.0607 1120 Scan finished
10:22:38.0607 1120 ============================================================
10:22:38.0622 1384 Detected object count: 0
10:22:38.0622 1384 Actual detected object count: 0
bigmedia
Regular Member
 
Posts: 15
Joined: September 15th, 2012, 8:17 am
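The TDSSKiller log posted above lists every registered service and driver as a hashed line (`time pid [ MD5 ] Name Path`) followed by a verdict line (`time pid Name - ok`). A reader triaging such a log by hand has to scan hundreds of lines for the few that matter: services that report a verdict but no hash (no image file was hashed), one binary path reported with two different hashes within the same scan, and anything whose verdict is not `ok`. The following is an added example, not part of this thread and not code from Kaspersky's TDSSKiller; it is a small log-triage helper that assumes only the line shapes visible in the log above. The sample lines are constructed for the demonstration: some are copied from the log, while `svcA`, `svcB`, `shared.dll`, the all-A/all-B hashes and the non-ok verdict text are made up and labelled as such.

```python
"""Consistency checks over TDSSKiller service-scan log lines (added example).

Recognised line shapes (as seen in the posted log):
  HH:MM:SS.mmmm PID [ MD5 ] ServiceName C:\\path\\to\\image
  HH:MM:SS.mmmm PID [ MD5 ] C:\\path\\to\\image          (global section, no name)
  HH:MM:SS.mmmm PID ServiceName - verdict
"""
import re
from collections import defaultdict

# Hashed line: optional service name (may contain spaces, e.g. "Pml Driver HPZ12"),
# then a path that starts with a drive letter or \Device\.
HASHED_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?:(?P<name>.+?)\s+)?(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$"
)
# Verdict line: "<name> - <verdict>".
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$"
)

# Constructed sample: real lines from the posted log plus fabricated svcA/svcB lines.
SAMPLE_LOG = "\n".join([
    "10:22:34.0691 1120 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\\Windows\\system32\\drivers\\tcpip.sys",
    "10:22:34.0722 1120 Tcpip - ok",
    "10:22:34.0738 1120 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\\Windows\\system32\\DRIVERS\\tcpip.sys",
    "10:22:34.0754 1120 Tcpip6 - ok",
    "10:22:31.0368 1120 NwlnkFlt - ok",  # verdict without a hash line
    "10:22:32.0117 1120 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\\Windows\\system32\\HPZipm12.dll",
    "10:22:32.0117 1120 Pml Driver HPZ12 - ok",
    # Fabricated: two service names, one file, two different hashes (hypothetical).
    "10:22:40.0001 1120 [ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ] svcA C:\\Windows\\system32\\shared.dll",
    "10:22:40.0002 1120 svcA - ok",
    "10:22:40.0003 1120 [ BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ] svcB C:\\Windows\\System32\\shared.dll",
    "10:22:40.0004 1120 svcB - suspicious (constructed example line)",
    "10:22:37.0749 1120 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\\Windows\\system32\\basesrv.dll",
    "10:22:37.0889 1120 [Global] - ok",
])


def parse_log(text):
    """Merge hash and verdict lines into one record per service/path name."""
    entries = {}
    for line in text.splitlines():
        m = HASHED_RE.match(line)
        if m:
            key = m.group("name") or m.group("path")
            e = entries.setdefault(key, {"name": key, "md5": None, "path": None, "verdict": None})
            e["md5"] = m.group("md5").upper()
            e["path"] = m.group("path")
            continue
        m = VERDICT_RE.match(line)
        if m:
            key = m.group("name")
            e = entries.setdefault(key, {"name": key, "md5": None, "path": None, "verdict": None})
            e["verdict"] = m.group("verdict")
    return entries


def unhashed_services(entries):
    """Service names that got a verdict but no hash line (no image file was hashed)."""
    return sorted(n for n, e in entries.items()
                  if e["md5"] is None and e["verdict"] is not None
                  and not n.startswith(("[", "\\")))


def hash_conflicts(entries):
    """Image paths (case-insensitive) reported with more than one MD5 in the same scan."""
    by_path = defaultdict(set)
    for e in entries.values():
        if e["path"] and e["md5"]:
            by_path[e["path"].lower()].add(e["md5"])
    return {p: sorted(h) for p, h in by_path.items() if len(h) > 1}


def not_ok(entries):
    """Every entry whose verdict is anything other than the literal 'ok'."""
    return {n: e["verdict"] for n, e in entries.items()
            if e["verdict"] is not None and e["verdict"] != "ok"}


def summarize(text):
    entries = parse_log(text)
    return {
        "entries": len(entries),
        "unhashed": unhashed_services(entries),
        "hash_conflicts": hash_conflicts(entries),
        "not_ok": not_ok(entries),
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Run against the full pasted log, the `unhashed` list is what a helper would look at first (the log above has four such names: NwlnkFlt, NwlnkFwd, WinHttpAutoProxySvc and WSearch), since a registered service whose image was not hashed is either a leftover of an uninstalled product or an entry worth verifying; a non-empty `hash_conflicts` result means the same file hashed differently twice during one scan, which should never happen on a quiet system.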

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by pgmigg » September 20th, 2012, 10:56 am

Thank you bigmedia,
I think the computer is clean, but I'll wait to hear your assessment.
I don't think so. Actually I only accumulated information and asked you to run different scanners - the real cleaning will start soon... :)
Also, I sent another post indicating that I think the virus is attached to my files on my zip drive
We will talk about your ZipDrive later...

Now I am analyzing your logs and will post the next set of instructions ASAP.

pgmigg
pgmigg
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by bigmedia » September 20th, 2012, 11:05 am

I will be patient. :)
bigmedia
Regular Member
 
Posts: 15
Joined: September 15th, 2012, 8:17 am

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by pgmigg » September 20th, 2012, 3:23 pm

Hello bigmedia,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    :OTL
    E - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\..\SearchScopes\{3052D4B6-E11D-4BA3-B124-64D698D57AA4}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=15D3BE26-B89B-4276-89AA-B5FD71C16B58&apn_sauid=94EF6DFF-D8C9-4884-B2EF-0173B00D56FA
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - user.js - File not found
    
    :Files
    C:\Windows\*.tmp
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
aswMBR - Scan
Please download aswMBR.exe ... © Avast Software. Save it to your desktop.
  1. Right click the aswMBR.exe icon... select "Run As Administrator" to run it.
  2. aswMBR uses Avast's virus definitions; if prompted to download definitions... reply Yes.
    It may take some time for these definitions to download, please be patient.
  3. Make sure Quick Scan is set in the options... then click the "Scan" button to start the scan.
    The scan will take a few minutes, please be patient.
  4. On completion... "Scan finished successfully" will be displayed... press the "Save log" button.
  5. You'll be prompted to save a file named "aswMBR.txt"... Save it to your desktop.
  6. Please copy and paste the contents of aswMBR.txt in your next reply.
Note: A file named MBR.dat will be created and placed on your desktop when you execute aswMBR.
This is a copy of your MBR, taken before any changes, to be used to restore the MBR to its previous condition if problems exist after the changes.

Step 3.
Malwarebytes' Anti-Malware [MBAM]
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download sites available here or here.
  1. Make sure you are connected to the Internet.
  2. Double-click on mbam-setup.exe to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform Full Scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  6. Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Then,
Please tell me which AntiVirus program you decided to keep. It looks like you uninstalled both of them.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of scan results from aswMBR.txt file.
  4. Contents of the most recent MBAM Log file.
  5. Answer for my question related to AV program you use now.
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by bigmedia » September 20th, 2012, 4:07 pm

Hello pgmigg,

I will follow your instructions and respond with the results tomorrow.

Best regards,
bigmedia
bigmedia
Regular Member
 
Posts: 15
Joined: September 15th, 2012, 8:17 am

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by bigmedia » September 21st, 2012, 6:40 am

Hello pgmigg,

Here are the contents of the OTL, aswMBR.exe and MBAM runs.

A. I have no problem executing the instructions. They are clear and easy to follow. Thank you for their completeness and ease.
B. OTL contents below.
C. asw contents below.
D. MBAM contents below.
E. I am using Microsoft Essentials for AV. I deleted Avast.
F. My computer seems to be running smoother.


All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
========== FILES ==========
C:\Windows\msdownld.tmp folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michael\Desktop\cmd.bat deleted successfully.
C:\Users\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michael
->Temp folder emptied: 2406927 bytes
->Temporary Internet Files folder emptied: 107557705 bytes
->Java cache emptied: 395 bytes
->FireFox cache emptied: 179829382 bytes
->Google Chrome cache emptied: 22306313 bytes
->Flash cache emptied: 57846 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136130456 bytes
RecycleBin emptied: 2224 bytes

Total Files Cleaned = 428.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Michael
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Michael
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.64.0 log created on 09202012_154208

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 15:55:55
-----------------------------
15:55:55.720 OS Version: Windows 6.0.6002 Service Pack 2
15:55:55.720 Number of processors: 2 586 0xF0D
15:55:55.720 ComputerName: MICHAEL-PC UserName: Michael
15:56:08.262 Initialize success
15:57:51.152 AVAST engine defs: 12092000
15:58:43.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
15:58:43.194 Disk 0 Vendor: WDC_WD5000BPVT-00HXZT3 01.01A01 Size: 476940MB BusType: 3
15:58:43.210 Disk 0 MBR read successfully
15:58:43.210 Disk 0 MBR scan
15:58:43.225 Disk 0 Windows VISTA default MBR code
15:58:43.225 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
15:58:43.256 Disk 0 scanning sectors +976771072
15:58:43.350 Disk 0 scanning C:\Windows\system32\drivers
15:59:05.174 Service scanning
15:59:21.866 Service MpKsl737ed7a9 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B81530-CF2B-44F3-99F6-83CF947FE8F0}\MpKsl737ed7a9.sys **LOCKED** 32
15:59:44.798 Modules scanning
15:59:50.087 Disk 0 trace - called modules:
15:59:50.118 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS dxgkrnl.sys igdkmd32.sys watchdog.sys
15:59:50.617 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85030498]
15:59:50.617 3 CLASSPNP.SYS[8819d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84e1e8a0]
15:59:53.222 AVAST engine scan C:\Windows
15:59:59.681 AVAST engine scan C:\Windows\system32
16:06:25.082 AVAST engine scan C:\Windows\system32\drivers
16:06:52.756 AVAST engine scan C:\Users\Michael
16:12:10.867 AVAST engine scan C:\ProgramData
16:13:34.889 Scan finished successfully
16:14:02.251 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
16:14:02.298 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"



Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [administrator]

Protection: Enabled

9/20/2012 4:22:15 PM
mbam-log-2012-09-20 (16-22-15).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284051
Time elapsed: 50 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Michael\AppData\Local\{1233dab3-6834-1810-fade-9941f10c6660}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
bigmedia
Regular Member
Posts: 15
Joined: September 15th, 2012, 8:17 am
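The MBAM log above is worth reading as a detection source, not just a cleanup receipt: the Trojan.Zaccess entries are a per-user CLSID\InprocServer32 registration whose data points into AppData\Local\{GUID}\n, and a per-user COM server under HKCU\Software\Classes takes precedence over the machine-wide one in HKLM, so this is a user-writable location a legitimate COM server would rarely be loaded from. The following parser is an added example written for this page; it is not code from the thread or from Malwarebytes. It reads detection lines in the MBAM 1.x log layout shown in the post, checks that the per-section counts match the lines actually listed, and flags detections that match that COM-hijack shape. The sample log it runs on is constructed, with placeholder GUIDs and a placeholder user name.

```python
"""Parse MBAM 1.x detection lines and flag per-user CLSID/InprocServer32 hijacks.

Added example for this page (not from the forum thread or from Malwarebytes).
The SAMPLE_LOG below is constructed to mimic the log layout in the post; the
GUIDs, extension id and user name are placeholders.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the same layout as an MBAM 1.65 log (fictitious values).
SAMPLE_LOG = r"""
Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-2222-3333-4444-555555555555} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{66666666-7777-8888-9999-AAAAAAAAAAAA}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\abcdefghijklmnopabcdefghijklmnop (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{66666666-7777-8888-9999-aaaaaaaaaaaa}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Example\AppData\Local\{0000dab3-0000-0000-0000-000000000000}\n. -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)
"""

# "<Section> Detected: <n>" opens a section and announces how many lines follow.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# One detection line: <item> (<family>) -> [Data: <data> -> ]<action>.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9._-]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)
# Per-user COM server registration; HKCU\Software\Classes overrides HKLM for the
# same CLSID, which is why this location is used for COM hijacking.
HKCU_INPROC_RE = re.compile(
    r"^HKCU\\SOFTWARE\\CLASSES\\CLSID\\\{[0-9A-F-]{36}\}\\INPROCSERVER32\|?$",
    re.IGNORECASE,
)
# Value data pointing into a user-writable profile location.
USER_WRITABLE_RE = re.compile(r"\\AppData\\Local\\", re.IGNORECASE)


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str
    data: Optional[str] = None
    flags: list = field(default_factory=list)


def classify(d: Detection) -> list:
    """Return human-readable reasons why a detection deserves a closer look."""
    flags = []
    if HKCU_INPROC_RE.match(d.item):
        flags.append("per-user CLSID InprocServer32 (COM hijack location)")
    if d.data and USER_WRITABLE_RE.search(d.data):
        flags.append("COM server loaded from user-writable AppData")
    return flags


def parse_mbam_log(text: str):
    """Return (detections, mismatches).

    mismatches maps a section name to (announced_count, lines_actually_seen)
    for every section whose header count disagrees with its listed lines.
    """
    section, expected, seen, detections = None, {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            expected[section] = int(m["count"])
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            d = Detection(section, m["item"], m["family"], m["action"], m["data"])
            d.flags = classify(d)
            detections.append(d)
            seen[section] = seen.get(section, 0) + 1
    mismatches = {s: (n, seen.get(s, 0)) for s, n in expected.items()
                  if seen.get(s, 0) != n}
    return detections, mismatches


def families(detections) -> dict:
    """Count detections per malware family name."""
    out = {}
    for d in detections:
        out[d.family] = out.get(d.family, 0) + 1
    return out


if __name__ == "__main__":
    dets, bad = parse_mbam_log(SAMPLE_LOG)
    for d in dets:
        print(f"[{d.section}] {d.family}: {d.item}" + (f"  <-- {'; '.join(d.flags)}" if d.flags else ""))
    print("families:", families(dets), "count mismatches:", bad)
```

The count check matters when a log has been pasted in pieces or truncated by a forum post limit: a section header that announces more detections than the lines beneath it tells the helper the paste is incomplete before any conclusion is drawn from it.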

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Unread postby pgmigg » September 21st, 2012, 11:41 am

Hello bigmedia,

Very good job! :) Let's continue...

ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.

Please disable any Antivirus or Firewall you have active, as shown in this topic. <<--- IMPORTANT!!

Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the most recent ComboFix.txt file.
  3. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Unread postby bigmedia » September 21st, 2012, 4:53 pm

Hello pgmigg,

Here is the log from ComboFix.txt

A. No problem following the instructions.
B. ComboFix log below.
C. Computer seems to be working fine with no problems thus far. ;)

ComboFix 12-09-20.03 - Michael 09/21/2012 16:22:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1081 [GMT -4:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
.
.
2012-09-21 20:43 . 2012-09-21 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-20 20:20 . 2012-09-20 20:20 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2012-09-20 20:20 . 2012-09-20 20:20 -------- d-----w- c:\programdata\Malwarebytes
2012-09-20 20:20 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 20:20 . 2012-09-20 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-20 19:42 . 2012-09-20 19:42 -------- d-----w- C:\_OTL
2012-09-20 11:18 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55B81530-CF2B-44F3-99F6-83CF947FE8F0}\mpengine.dll
2012-09-17 21:43 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 18:24 . 2012-04-01 12:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 18:24 . 2011-11-11 15:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 02:06 . 2012-07-20 21:34 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2011-11-11 15:55 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:02 . 2012-08-20 18:34 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16 . 2012-08-20 18:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-20 18:34 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-20 18:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-20 18:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-20 18:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 06:53 . 2011-11-11 15:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\users\Michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-12 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2012-1-14 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1016077103-1827332130-2165504413-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 06:15]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1016077103-1827332130-2165504413-1000UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 06:15]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\74wt5r8t.default\
FF - prefs.js: browser.search.selectedEngine -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-21 16:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Michael\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-21 16:45:20
ComboFix-quarantined-files.txt 2012-09-21 20:45
.
Pre-Run: 405,059,715,072 bytes free
Post-Run: 405,116,571,648 bytes free
.
- - End Of File - - A41A97074704FAFBF00993A5028A2947
bigmedia
Regular Member
Posts: 15
Joined: September 15th, 2012, 8:17 am

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Unread postby pgmigg » September 21st, 2012, 5:08 pm

Hello bigmedia,
C. Computer seems to be working fine with no problems thus far. ;)
It is nice to hear... :D
But let's do something else.

Step 1.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file, OTL.txt, will be opened maximized.
  6. Please post the content of OTL.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file
  3. Contents of the most recent OTL.txt file
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Unread postby bigmedia » September 21st, 2012, 6:44 pm

pgmigg,

Things are looking pretty good here.

A. No problems executing the instructions.
B. ESET contents below.
C. OTL contents below.
D. Computer is working fine.


:cheers:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ecab25be3b53424cafe41525588bfaf1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-21 10:17:15
# local_time=2012-09-21 06:17:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 26696459 184870090 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=99767
# found=0
# cleaned=0
# scan_time=3273


OTL logfile created on: 9/21/2012 6:26:16 PM - Run 2
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Michael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.38% Memory free
4.22 Gb Paging File | 3.00 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 377.32 Gb Free Space | 81.01% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/20 07:16:07 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/14 17:06:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/01/06 17:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2009/04/11 09:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/01/08 08:25:14 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/17 03:20:05 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/17 03:10:53 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/17 03:10:28 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/17 03:10:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/17 03:09:51 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/12 08:32:47 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 08:31:22 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
MOD - [2012/05/12 08:31:21 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/12 08:28:12 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
MOD - [2012/05/12 08:27:58 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/12 08:27:54 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/12 08:27:46 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/12 08:27:37 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/14 17:06:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/10/16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Michael\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2008/11/17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 F3 05 B5 B1 A4 CC 01 [binary data]
IE - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\..\SearchScopes\{3052D4B6-E11D-4BA3-B124-64D698D57AA4}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=15D3BE26-B89B-4276-89AA-B5FD71C16B58&apn_sauid=94EF6DFF-D8C9-4884-B2EF-0173B00D56FA
IE - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 11:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.5.0\FF [2012/02/19 13:57:20 | 000,000,000 | ---D | M]

[2012/04/09 13:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/07/20 17:48:46 | 000,002,299 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\74wt5r8t.default\searchplugins\askcom.xml
[2012/07/20 17:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 02:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Funmoods = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
CHR - Extension: Funmoods = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
CHR - Extension: avast! WebRep = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: avast! WebRep = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000..\Run: [Spotify Web Helper] C:\Users\Michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FBD445A-BC9C-4DA5-A65A-92B15554A2D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{988F2B2D-5BA4-40E1-BD92-0C32DD77C2EB}: DhcpNameServer = 130.101.140.26
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/21 17:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/21 16:45:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/21 16:44:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 16:19:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/21 16:19:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/21 16:19:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/21 16:19:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/21 16:18:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/21 13:35:57 | 004,754,290 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2012/09/21 06:55:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Malware Removal virus help
[2012/09/20 16:20:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2012/09/20 16:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/20 16:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/20 16:20:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/20 16:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/20 15:53:10 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Michael\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/20 15:53:03 | 006,718,992 | ---- | C] (Support.com ) -- C:\Users\Michael\Desktop\ARO2012_uc-f31eetest-aro.exe
[2012/09/20 15:50:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2012/09/20 15:42:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/20 07:16:03 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/09/20 07:08:11 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe
[2012/08/29 17:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

========== Files - Modified Within 30 Days ==========

[2012/09/21 18:25:10 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1016077103-1827332130-2165504413-1000UA.job
[2012/09/21 18:08:38 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 18:08:38 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 17:15:02 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/21 17:15:02 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/21 16:08:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/21 13:38:41 | 004,754,290 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2012/09/21 12:25:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1016077103-1827332130-2165504413-1000Core.job
[2012/09/20 16:20:15 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 15:53:47 | 006,718,992 | ---- | M] (Support.com ) -- C:\Users\Michael\Desktop\ARO2012_uc-f31eetest-aro.exe
[2012/09/20 15:53:33 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michael\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/20 15:51:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2012/09/20 07:16:07 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/09/20 07:08:48 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe
[2012/09/15 11:01:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/01 09:24:14 | 000,002,052 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2012/09/01 09:24:14 | 000,002,014 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/09/21 16:19:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/21 16:19:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/21 16:19:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/21 16:19:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/21 16:19:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/20 16:20:15 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/25 15:03:18 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/19 14:02:13 | 000,006,144 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 09:35:35 | 000,157,694 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/12/28 09:35:35 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/11/19 11:41:39 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2011/11/19 11:41:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2011/11/11 11:56:04 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/11/11 11:56:02 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/11/11 11:56:02 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/11/11 11:56:02 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/11/10 18:30:59 | 000,001,356 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

< End of report >
bigmedia
Regular Member
 
Posts: 15
Joined: September 15th, 2012, 8:17 am

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by pgmigg » September 22nd, 2012, 12:43 am

Hello bigmedia,
D. Computer is working fine.
I am glad to help you! :D

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps

Step 1.
Please update your Mozilla Firefox browser - the latest version is 15.0.1
Open the browser, click to Help -> About Firefox and follow to prompts...

Step 2.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u7) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement "
  4. Locate the entry for Windows x86 Offline, click on the associated file name, then save the file to your Desktop.

REMOVE OLD JAVA
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below into the open text entry box:
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Java Auto Updater
    Java(TM) 7 Update 5
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From Desktop please right-click on jre-7u7-windows-i586.exe select "Run As Administrator..." to install the newest version.
  3. Follow the on-screen directions. When installation is completed successfully, please reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Advanced tab and find the JRE Auto-Download sub-menu.
  3. CHECK "Never Auto-Download". (You can check for updates manually.)
  4. Press Apply and OK, then close the Java Control Panel and exit Control Panel.

Step 3.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the text box:
    :OTL
    IE - HKU\S-1-5-21-1016077103-1827332130-2165504413-1000\..\SearchScopes\{3052D4B6-E11D-4BA3-B124-64D698D57AA4}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=15D3BE26-B89B-4276-89AA-B5FD71C16B58&apn_sauid=94EF6DFF-D8C9-4884-B2EF-0173B00D56FA
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - Extension: Funmoods = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
    CHR - Extension: Funmoods = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
    
    :Files
    C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\74wt5r8t.default\searchplugins\askcom.xml
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [resethosts]
    [CLEARALLRESTOREPOINTS]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 4.
ComboFix - Cleanup
Time for some housekeeping
  1. Click Start...select Run from the menu.
  2. Copy and paste the following into the text entry box:
    Combofix /Uninstall
  3. Click the OK button. (See image below as reference.)
Image

Step 5.
OTL-Cleanup
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.


Step 6.
However, before I ran your fix, I moved all my files (notes, resumes, bill, etc.) to zip drives (USB keys). When I plug those in, the virus scan software indicates there are problems on the drive. I suspect the virus is connected to the files. Can I clean those or do I just need to wipe the whole zip drive? I'd like to recover some of them if possible.

Flash_Disinfector
  1. Please download Flash_Disinfector...by sUBs and save it to your desktop.
  2. Right click on Flash_Disinfector.exe and select "Run As Administrator..." to run it. If you receive a UAC prompt, please allow it..
  3. Plug in your flash drive...when prompted.
  4. Flash_Disinfector will start disinfecting your flash and hard drives.
    This takes a few seconds. Your desktop will disappear in the meantime...this is normal.
  5. When done, a message "Done!" box will appear. Click the OK...button.
  6. Your desktop should now appear. If it doesn't, press (Ctrl + Shift + Esc) or (Ctrl+Alt+Delete) to open Task Manager.
    Click on File...then select, press New Task (Run...).
    In the "Create New Task" entry box...type in explorer.exe and press Enter. Your desktop should now appear.
Flash Disinfector, as a security measure, will put a file called Autorun.inf on your hard drive(s) and each removable drive it processed.
This prevents malicious software from putting its own "autorun.inf" file on the drive.

Note: This procedure should be performed on each flash drive you have, to prevent reinfection.

Then:
Please don't forget to enable all your defense software!

Finally, please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
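A way to check, from an elevated PowerShell prompt, the state that Step 2 and Step 3 of the post above act on: the installed Java entries the Control Panel list is built from, the IE search scopes for the user, and the Chrome extension folders. This is an added example and not part of pgmigg's instructions or of any tool named in the thread; it assumes Windows PowerShell 3.0 or later, and the user SID and the search-scope GUID are copied from the OTL log on this page (they differ on any other machine).

```powershell
# Added example (not from the forum post): inventory the items Step 2 and
# Step 3 act on, so the result of the cleanup can be verified afterwards.
# Assumes Windows PowerShell 3.0+. SID and GUID are taken from the OTL log
# on this page; replace them on another machine.

$UserSid  = 'S-1-5-21-1016077103-1827332130-2165504413-1000'   # from the OTL log
$BadScope = '{3052D4B6-E11D-4BA3-B124-64D698D57AA4}'            # ask.com search scope in the log

# Installed Java entries, read from the Uninstall keys behind "Uninstall or change a program".
function Get-JavaInstalls {
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

# IE search scopes for one user, with the URL each scope sends queries to.
function Get-IESearchScopes([string]$Sid) {
    $base = "Registry::HKEY_USERS\$Sid\Software\Microsoft\Internet Explorer\SearchScopes"
    if (-not (Test-Path $base)) { return }
    $default = (Get-ItemProperty $base -ErrorAction SilentlyContinue).DefaultScope
    Get-ChildItem $base | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        [pscustomobject]@{
            Scope     = $_.PSChildName
            IsDefault = ($_.PSChildName -eq $default)
            Name      = $p.DisplayName
            URL       = $p.URL
        }
    }
}

# Chrome extension folders for the current user; the folder name is the extension id.
function Get-ChromeExtensionIds {
    $dir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
    if (Test-Path $dir) { Get-ChildItem $dir -Directory | Select-Object -ExpandProperty Name }
}

'== Java entries (after Step 2 only the current JRE should remain) =='
Get-JavaInstalls | Format-Table -AutoSize

'== IE search scopes (Step 3 removes the ask.com scope) =='
$scopes = Get-IESearchScopes $UserSid
$scopes | Format-Table -AutoSize
if ($scopes.Scope -contains $BadScope) { Write-Warning "Search scope $BadScope is still present" }

'== Chrome extension ids (Step 3 removes fdloijijlkoblmigdofommgnheckmaki, listed as Funmoods) =='
Get-ChromeExtensionIds
```

Run it once before and once after the fix; the warning line disappears and the Funmoods id drops out of the extension list when the OTL script has done its work. The HKEY_USERS hive for the SID is only loaded while that user is logged on, so run it from that user's own elevated prompt.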

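Flash_Disinfector's own code is not on the page. The following added example reproduces the protective measure the post describes, a folder named Autorun.inf on each removable drive so that malware cannot drop a file of that name, and it first reports any autorun.inf file that is already there instead of deleting it. It is not Flash_Disinfector and not part of pgmigg's instructions; it assumes Windows PowerShell 3.0 or later and an elevated prompt, and uses only standard cmdlets.

```powershell
# Added example (not Flash_Disinfector): for every removable drive, report an
# existing autorun.inf FILE (what autorun-spreading malware plants) and, when
# nothing is there, create a hidden, system FOLDER called Autorun.inf so a file
# of that name cannot be created later. Assumes Windows PowerShell 3.0+ and an
# elevated prompt.

function Get-RemovableDriveRoots {
    # DriveType 2 = removable disk (USB keys, card readers)
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' |
        Where-Object { $_.DeviceID } |
        ForEach-Object { "$($_.DeviceID)\" }
}

# Returns 'absent', 'file-present' or 'protected-folder' for one drive root.
function Test-AutorunState([string]$Root) {
    $path = Join-Path $Root 'autorun.inf'
    if (-not (Test-Path -LiteralPath $path)) { return 'absent' }
    $item = Get-Item -LiteralPath $path -Force     # -Force: see hidden/system items too
    if ($item.PSIsContainer) { 'protected-folder' } else { 'file-present' }
}

function Protect-Drive([string]$Root) {
    $path = Join-Path $Root 'Autorun.inf'
    switch (Test-AutorunState $Root) {
        'file-present' {
            # Do not delete blindly: show the head of the file so it can be inspected first.
            $inf = Get-Item -LiteralPath $path -Force
            Write-Warning "$Root has an autorun.inf file ($($inf.Length) bytes, modified $($inf.LastWriteTime)); inspect it before removing"
            Get-Content -LiteralPath $path -TotalCount 20 | ForEach-Object { "    $_" }
        }
        'protected-folder' { "$Root already has a protective Autorun.inf folder" }
        'absent' {
            $dir = New-Item -ItemType Directory -Path $path
            # Hidden + System keeps the folder out of casual view; its name is what blocks the file.
            $dir.Attributes = [IO.FileAttributes]'Hidden, System'
            "$Root protected"
        }
    }
}

foreach ($root in Get-RemovableDriveRoots) {
    Protect-Drive $root
}
```

Since the KB971029 update and on Windows 7 and later, AutoRun is no longer honoured for USB flash drives at all, so the folder is defence in depth for older systems; the reporting half stays useful, because an autorun.inf file on a USB key is a sign it was plugged into an infected machine and the files on it should be scanned before use, which is what MS Security Essentials did for bigmedia later in this thread.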
Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by bigmedia » September 22nd, 2012, 10:06 am

pgmigg,

Your help was outstanding. I can't thank you enough. My computer is now clean and much, much faster. I will read (and memorize) the guide to staying safe online.

As a final note, the Flash_Disinfector doesn't seem to function. I've downloaded it a couple times, but it doesn't seem to execute. When I select "Run As Administrator", it does nothing, no matter how long I wait. I've even tried just connecting a flash drive to see if it activated automatically. No luck. I've scanned my flash drives with MS Security Essentials. I'm hoping that will be sufficient, though I'll keep trying with Flash_Disinfector.

I think I can figure it out from here. I don't want to keep taking up your time. So, again, THANK YOU, THANK YOU, THANK YOU. :joker: :cheers: :bounce:

Best regards,
bigmedia
bigmedia
Regular Member
 
Posts: 15
Joined: September 15th, 2012, 8:17 am

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by pgmigg » September 22nd, 2012, 12:26 pm

Hello bigmedia,
As a final note, the Flash_Disinfector doesn't seem to function. I've downloaded it a couple times, but it doesn't seem to execute. When I select "Run As Administrator", it does nothing, no matter how long I wait. I've even tried just connecting a flash drive to see if it activated automatically. No luck. I've scanned my flash drives with MS Security Essentials. I'm hoping that will be sufficient, though I'll keep trying with Flash_Disinfector.
Sorry for the inconvenience! Yes, this version does not work at all, but if you could resolve your problems by MS Security Essentials, you achieved the results and it is good! :)
Your help was outstanding. I can't thank you enough. My computer is now clean and much, much faster. I will read (and memorize) the guide to staying safe online.
I think I can figure it out from here. I don't want to keep taking up your time. So, again, THANK YOU, THANK YOU, THANK YOU.
You are very welcome, bigmedia! :D

If all your problems are gone, this topic will be closed.

Stay Safe! ;)
pgmigg
pgmigg
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: computer freezes, slow Trojan:Wind31/Sirefef!cfg

Post by NonSuch » September 23rd, 2012, 9:47 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California